Some legal trouble with TOR in France

Sun May 14 22:10:07 UTC 2006

If somebody was forced to implement backdoors for the government, do you
think they would be allowed to tell you?

On 5/14/06, Adam Shostack <adam at homeport.org> wrote:
>
> Niels Ferguson says "over my dead body:"
> http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx  He's
> also said as much to me in person, as has Peter Biddle.
>
> Adam
>
>
> On Sun, May 14, 2006 at 10:43:22AM -0700, Ringo Kamens wrote:
> | I'm not saying the AES is weak. I'm saying that Microsoft might have
> | implemented a back-door for governments. They could store the private
> keys and
> | passwords in videocard memory or in the boot sector or something like
> that.
> |
> | On 5/14/06, Tony <Tony at tdrmail.co.uk> wrote:
> |
> |
> |     2. The restrictions on encryption were removed some years ago. The
> best
> |     encryption software comes from outside the USA anyway so it was
> always a
> |     pointless exercise in futility.
> |
> |
> |
> |     Unless a vulnerability is found in 256 bit AES it would take them
> longer
> |     than the ages of the universe to crack a key by brute force no
> matter how
> |     many terraflops of power they have to task on your key (not to
> mention the
> |     many others they might want to crack)
> |
> |
> |
> |     3. Filtering content is not quite the same as signing code and
> pretending
> |     it comes from Microsoft. Such a piece of code would have a changed
> checksum
> |     would likely be spotted and then analysed. I can't see Microsoft
> doing that
> |     unless required by law.
> |
> |
> |
> |     4. TPM is part of the trusted computing concept. It just makes it
> much
> |     harder. Not impossible.
> |
> |
> |
> |
> ---------------------------------------------------------------------------
> |
> |     From: owner-or-talk at freehaven.net [mailto:
> owner-or-talk at freehaven.net] On
> |     Behalf Of Ringo Kamens
> |     Sent: 14 May 2006 18:31
> |
> |
> |     To: or-talk at freehaven.net
> |     Subject: Re: Some legal trouble with TOR in France
> |
> |
> |
> |     There are a few key points that you are overlooking.
> |
> |
> |
> |     1. In support of the photocopying money scandal, most printers have
> yellow
> |     dots imprinted on them that track date printed, serial number, etc.
> |
> |
> |
> |     2. By US export law, US companies are not allowed to export
> encryption
> |     larger than 56 bit (although it might have jumped to 128 a few years
> ago),
> |     unless it has been certified by the government.  That means unless
> it has a
> |     backdoor. Plus, governments have thousands of teraflops of idle
> computer
> |     cycles waiting to crack your keys.
> |
> |
> |
> |     3. How can you honestly think Microsoft wouldn't bend over for the
> US
> |     government. They bent over for China. Look at PGP. They moved to
> closed
> |     source after version 6.0 with no valid reason. The reason is
> probably the
> |     government.
> |
> |
> |
> |     4. In terms of using checksums to ensure your system hasn't been
> tampered
> |     with, the computer hardware could have a defense system against that
> such
> |     as trusted computing.
> |
> |
> |
> |     Ringo Kamens
> |
> |
> |
> |     On 5/14/06, Mike Zanker < mike at zanker.org> wrote:
> |
> |     On 14/5/06 15:10, Tony wrote:
> |
> |     > Nb- failure to disclose keys is up to two years in prison. Not 10.
> |     >
> |     > (5) A person guilty of an offence under this section shall be
> liable-
> |     >
> |     >   (a) on conviction on indictment, to imprisonment for a term not
> |     > exceeding two years or to a fine, or to both;
> |     >   (b) on summary conviction, to imprisonment for a term not
> exceeding
> |     > six months or to a fine not exceeding the statutory maximum, or to
> both.
> |
> |     Furthermore, that's part III of RIPA which hasn't been enacted yet.
> |
> |     Mike.
> |
> |
> |
> |     This message has been scanned for viruses by MailController -
> |     www.MailController.altohiway.com
> |
> |
> |
> |
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060514/ce0befed/attachment.htm>