Hillary Clinton Just Keeps On Going
I knew I had to get this out given what Hillary Clinton has said about both Edward Snowden and her promise to give the government agencies, and most especially the FBI, the tools to decipher enciphered material, including PK (public key) enciphered data.
Before I get started, I must say that the gushing articles in both the Washington Post and the Guardian about Hillary Clinton made me mighty suspicious. I wouldn't be surprised if they, and MSNBC or whatever news organization the Democrats watched, didn't have all the news people at those organizations hypnotized by the psychiatrists at these various organizations. How do they do it? Over the phone. How can you tell they are doing it? Well, if you have a dB meter on the phone and it registers volume that a non-listener can see, but the listener doesn't hear anything, then you are very likely to be hypnotized. It is one of the most potent weapons the FBI has.
Have I heard Hillary Clinton backtracking on this issue? Chug, chug, chug, chug, Chug, chug, chug, chug, Chug, chug, chug, chug, ... I tell you, she is like the Energizer Bunny. She just keeps going and going and she never stops.
Other Representatives Disagree
I read this surprise article in the Washington Post on a legislative hearing on encryption:
I don't know whether I would use the term that the back doors are technologically stupid. I would say it is more like the idea that the encryption back doors are either technologically dubious or technologically impossible. That is because I write from the viewpoint of an advanced encryption user who has vetted GnuPG's code several times and come to it from a mathematical background. Offhand, I don't think you can do it. I saw them going this way once before, with the Clipper chip in the 1990s. Here is a good central point on what it was:
What they don't say on that page is that somebody was able to hack the Clipper system. That is why it is not with us today. Ergo, maybe the statement that back doors are technologically stupid is more appropriate after all. What they are probably saying is: what you keep telling us we are going to do is impossible, so why do you keep saying it? By the way, Representative Ted Lieu, have you considered a run to become President of the United States? The Democratic party needs somebody besides Hillary Clinton. Don't even consider being Vice President. I realize that if Hillary wins she will die in office, with each of her years being like everybody else's four years in aging her. But we need somebody to hit the ground running with the right idea on this and other issues. The Republicans have already de facto announced that all elements of the draconian Patriot Act will be renewed as is. We need somebody to think about that and many other things. I am not in favor of the Patriot Act at all. Hillary is.
One of the commenters on the Washington Post article said something about what happens if you use OpenPGP security to send a message to multiple recipients. I don't know what they were attempting to say, but I know what happens. First, note that you are not prompted for your OpenPGP passphrase. Why not? Because you are enciphering it using the public side of everybody's key in the recipient list. But you have a public key for each and every one of them! So what happens? The Enigmail plugin for Thunderbird, and the equivalent thereof in Claws Mail and other clients, makes a separate message for each and every one of the recipients. Everybody gets their copy of the message and everybody else's copy as well, at least with Enigmail doing the sending. Don't fret, because that is following the standard. So what if the intelligence community came along and specified that there should be only one message for all? That is technologically impossible. It is also technologically stupid. So I agree with the congressional Representatives after all.
A New Paradigm
But with the NSA hacking Gemalto by exploiting the people that work for them, using those people's Facebook and Twitter accounts, it didn't take long before Symantec and others took notice of what was going on. Symantec purchased PGP Corporation. Why? Their business is protecting companies and people from having their financial accounts and other things exposed. They have provided me with a PDF file of a new way of doing things. I have it here:
Perfect Forward Secrecy
What is the difference between that and what we have now? They don't depend on permanent PK keys the way we are doing it now. Instead, they use randomly generated transient session keys. It won't be something that is used with something like OpenPGP, which will change to elliptic curve encryption in the future. But these people are always thinking forward. Now, in this case I can agree with the Representatives. Thinking you can put a third-key way of doing things into a session key really is stupid. And on this we have more than the NSA to fear. The Chinese, Russians, and other political powers will want to hack enciphered messages. So will black-hat hackers who will want to do it for monetary gain.
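The contrast between a permanent key and transient session keys, as an added example that is not taken from this post or from the Symantec paper: it shows what recorded traffic yields once the long-term private key is later exposed. The toy group (`P`, `G`) and all function names are assumptions made for illustration, and the signing of the exchanged values with the long-term key is left out.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, illustration only (assumption: not a vetted group;
# real protocols use X25519 or a standardised safe-prime group).
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    """Derive a 256-bit session key from the shared group element."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def static_session(recipient_pub):
    """Permanent-key model: throwaway sender secret, long-term recipient key."""
    a, ga = keypair()
    return {"wire": (ga,), "key": kdf(pow(recipient_pub, a, P))}

def ephemeral_session():
    """Forward-secret model: both secrets are throwaway and gone on return."""
    a, ga = keypair()
    b, gb = keypair()
    key_a, key_b = kdf(pow(gb, a, P)), kdf(pow(ga, b, P))
    assert key_a == key_b  # both ends agree on the session key
    return {"wire": (ga, gb), "key": key_a}

def replay_with_stolen_key(wire, long_term_priv):
    """Keys derivable from recorded traffic plus the long-term private key."""
    return [kdf(pow(value, long_term_priv, P)) for value in wire]

def demo():
    long_priv, long_pub = keypair()  # the recipient's permanent key
    old = static_session(long_pub)
    new = ephemeral_session()
    return {
        "static_exposed":
            old["key"] in replay_with_stolen_key(old["wire"], long_priv),
        "ephemeral_exposed":
            new["key"] in replay_with_stolen_key(new["wire"], long_priv),
    }

if __name__ == "__main__":
    print(demo())
```
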
Rest assured of at least two things.
First, much will change in the future. Encryption has never been a static field. It is constantly changing to meet new threats.
Second, I don't buy those arguments that the people that are putting encryption into everything, including even smart phones, are aiding and abetting the commission of crimes. Daniel F Conley and others are just going to have to learn how to do better police work. You cannot tell me that enciphering of encryption means they are careful about everything. The Germans using the Enigma machine used outside / inside session keys for each message. The outer one was three characters long and was not enciphered using the Enigma machine (plain text). The inner one was enciphered using the outer one and should have been pretty hard to attack. So what did they use, with the outside three first, then a dash, then the inside three keys? LON-DON, MAD-RID, BER-LIN, and on and on. The most interesting one was TOM-??? The Bletchley Park cryptanalysts finally came upon TOM-MIX. He was the American cowboy film actor, mostly during the silent era. Why did they do it this way? "We will use these session keys because they are easy." That is what the German teams thought. Why? They were convinced that the Enigma made them completely invulnerable. It didn't, and neither will enciphering the message today.
We still have human rights workers whose very lives depend upon the encryption we provide today. How far will the FBI go in their lies? I have had I don't know how many people that supposedly live at my apartment. I have even had the local police at my apartment claiming that an individual by a given name (why don't they ever show me the written name?) lived at my apartment. When I asked who gave them the name one of the officers either lied through his teeth or the name given was given to them by the FBI because they said they had it on highest authority that person lived at my apartment. I showed them around and they must have realized they had a red herring. Yet again less than a month ago a private investigator came calling with yet another name. Do these police officers or the FBI ever do anything but lie? They are awfully sloppy in the data that they collect and they don't do a very good job analyzing it. I suggest they do much better analysis of data and eliminate spurious garbage.