I'm not saying the AES is weak. I'm saying that Microsoft might have implemented a back-door for governments. They could store the private keys and passwords in videocard memory or in the boot sector or something like that.
<br><br>
<div><span class="gmail_quote">On 5/14/06, <b class="gmail_sendername">Tony</b> <<a href="mailto:Tony@tdrmail.co.uk">Tony@tdrmail.co.uk</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>
<div lang="EN-US" vlink="blue" link="blue">
<div>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">2. The restrictions on encryption were removed some years ago. The best encryption software comes from outside the USA anyway so it was always a pointless exercise in futility.
</span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"> </span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Unless a vulnerability is found in 256 bit AES it would take them longer than the ages of the universe to crack a key by brute force no matter how many terraflops of power they have to task on your key (not to mention the many others they might want to crack)
</span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"> </span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">3. Filtering content is not quite the same as signing code and pretending it comes from Microsoft. Such a piece of code would have a changed checksum would likely be spotted and then analysed. I can't see Microsoft doing that unless required by law.
</span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"> </span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">4. TPM is part of the trusted computing concept. It just makes it much harder. Not impossible.</span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"> </span></font></p>
<div>
<div style="TEXT-ALIGN: center" align="center"><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">
<hr align="center" width="100%" size="2">
</span></font></div>
<p><b><font face="Tahoma" size="2"><span style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">From:</span></font></b><font face="Tahoma" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:owner-or-talk@freehaven.net" target="_blank">
owner-or-talk@freehaven.net</a> [mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:owner-or-talk@freehaven.net" target="_blank">owner-or-talk@freehaven.net</a>] <b><span style="FONT-WEIGHT: bold">
On Behalf Of </span></b>Ringo Kamens<br><b><span style="FONT-WEIGHT: bold">Sent:</span></b> 14 May 2006 18:31</span></font></p></div>
<div><span class="q"><br><b><span style="FONT-WEIGHT: bold">To:</span></b> <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:or-talk@freehaven.net" target="_blank">or-talk@freehaven.net</a><br><b><span style="FONT-WEIGHT: bold">
Subject:</span></b> Re: Some legal trouble with TOR in France</span></div>
<div>
<p></p></div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p>
<div></div>
<div><span class="e" id="q_10b33fc37b1e13c8_3">
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">There are a few key points that you are overlooking.</span></font></p></span></div>
<div></div></div>
<div><span class="e" id="q_10b33fc37b1e13c8_5">
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">1. In support of the photocopying money scandal, most printers have yellow dots imprinted on them that track date printed, serial number, etc. </span>
</font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">2. By US export law, US companies are not allowed to export encryption larger than 56 bit (although it might have jumped to 128 a few years ago), unless it has been
<strong><b><font face="Times New Roman">certified by the government. </font></b></strong>That means unless it has a backdoor. Plus, governments have thousands of teraflops of idle computer cycles waiting to crack your keys.
</span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">3. How can you honestly think Microsoft wouldn't bend over for the US government. They bent over for China. Look at PGP. They moved to closed source after version
6.0 with no valid reason. The reason is probably the government. </span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">4. In terms of using checksums to ensure your system hasn't been tampered with, the computer hardware could have a defense system against that such as trusted computing.
</span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p></div>
<div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">Ringo Kamens<br><br> </span></font></p></div>
<div>
<p><span><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">On 5/14/06, <b><span style="FONT-WEIGHT: bold">Mike Zanker</span></b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:mike@zanker.org" target="_blank">
mike@zanker.org</a>> wrote:</span></font></span> </p>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">On 14/5/06 15:10, Tony wrote:<br><br>> Nb- failure to disclose keys is up to two years in prison. Not 10. <br>><br>> (5) A person guilty of an offence under this section shall be liable-
<br>><br>> (a) on conviction on indictment, to imprisonment for a term not<br>> exceeding two years or to a fine, or to both; <br>> (b) on summary conviction, to imprisonment for a term not exceeding<br>> six months or to a fine not exceeding the statutory maximum, or to both.
<br><br>Furthermore, that's part III of RIPA which hasn't been enacted yet. <br><br>Mike.<br><br><br><br>This message has been scanned for viruses by MailController - <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.mailcontroller.altohiway.com/" target="_blank">
www.MailController.altohiway.com</a></span></font></p></div>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p></span></div>
<div></div></div></div></blockquote></div><br>