the government is apparently totally incapable of cracking encryption even given five years with the data to themselves.... 12 bits of encryption... My VAIO could brute-force that in five minutes.
I saw this a few times in the comments on that story too, and I can't get over how totally some people seem to fail to understand encryption. This is at least as dumb as the "factoring large prime numbers" mistake that so many people make when talking about RSA. What makes you think he used such a weak code? Your TI-85 would have been perfectly capable of encrypting with, say, a 4096-bit RSA key (I have no idea what he actually used) -- it may have taken minutes or even hours instead of seconds, but the result is every bit as strong now as it was then. What you're missing is that that is exactly the point of why "they" don't like people having strong encryption: they can't crack it! That's why it's called strong encryption. It's not like, "Gee, this code is really hard, but you'd think in five years they'd manage to figure it out." That's just ridiculous. If the files are encrypted with a 4096-bit RSA public key, then they might as well be random noise, since that number is never going to be factored (barring a breakthrough in quantum computing or number theory).
Sure, distributed.net has done well on some small keys, and is likely to finish RC5-64 in the next couple years, but those efforts are to prove a point about the weakness of small keys. Strong encryption is the kind where, if every particle in the universe were part of one big computer, the code still couldn't be cracked in the lifetime of the universe. In those cases, the only way to get at the data is some kind of "sideband attack", e.g., finding the key written down somewhere (if he'd been that dumb) or getting him to surrender it. If he was smart enough to use a strong code and not leak any sideband information, there's nothing they can do.
We're the most powerful nation in the world and can't crack five-year-old encryption in five years.
Well, that just goes to show what happens when those evil hackers have access to strong encryption. This is why that technology has to be controlled -- to save the government from this kind of embarrassment. Seriously, this is the strangest part of your argument: all this time, whenever a crypto-control story has come up, we have all railed against the government(s) for trying to control the technology and limit us to codes that they can break, and now, when you see an example of what happens when someone uses a strong code, you make fun of them for not being able to crack it. What's that?
Mitnick's encrypted files (Score:3)
the government is apparently totally incapable of cracking encryption even given five years with the data to themselves.
I saw this a few times in the comments on that story too, and I can't get over how totally some people seem to fail to understand encryption. This is at least as dumb as the "factoring large prime numbers" mistake that so many people make when talking about RSA. What makes you think he used such a weak code? Your TI-85 would have been perfectly capable of encrypting with, say, a 4096-bit RSA key (I have no idea what he actually used) -- it may have taken minutes or even hours instead of seconds, but the result is every bit as strong now as it was then. What you're missing is that that is exactly the point of why "they" don't like people having strong encryption: they can't crack it! That's why it's called strong encryption. It's not like, "Gee, this code is really hard, but you'd think in five years they'd manage to figure it out." That's just ridiculous. If the files are encrypted with a 4096-bit RSA public key, then they might as well be random noise, since that number is never going to be factored (barring a breakthrough in quantum computing or number theory).
Sure, distributed.net has done well on some small keys, and is likely to finish RC5-64 in the next couple years, but those efforts are to prove a point about the weakness of small keys. Strong encryption is the kind where, if every particle in the universe were part of one big computer, the code still couldn't be cracked in the lifetime of the universe. In those cases, the only way to get at the data is some kind of "sideband attack", e.g., finding the key written down somewhere (if he'd been that dumb) or getting him to surrender it. If he was smart enough to use a strong code and not leak any sideband information, there's nothing they can do.
We're the most powerful nation in the world and can't crack five-year-old encryption in five years.
Well, that just goes to show what happens when those evil hackers have access to strong encryption. This is why that technology has to be controlled -- to save the government from this kind of embarrassment. Seriously, this is the strangest part of your argument: all this time, whenever a crypto-control story has come up, we have all railed against the government(s) for trying to control the technology and limit us to codes that they can break, and now, when you see an example of what happens when someone uses a strong code, you make fun of them for not being able to crack it. What's that?
David Gould