Return-Path: <sentto-279987-2300-1001358597-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 24 Sep 2001 12:12:10 -0700 (PDT) Received: (qmail 30963 invoked by uid 510); 24 Sep 2001 19:10:18 -0000 Received: from n29.groups.yahoo.com (216.115.96.79) by 204.181.12.215 with SMTP; 24 Sep 2001 19:10:18 -0000 X-eGroups-Return: sentto-279987-2300-1001358597-fc=all.net@returns.onelist.com Received: from [10.1.4.53] by b05.egroups.com with NNFMP; 24 Sep 2001 19:09:57 -0000 X-Sender: partners@7pillars.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_3_2_2); 24 Sep 2001 19:09:56 -0000 Received: (qmail 83100 invoked from network); 24 Sep 2001 19:08:10 -0000 Received: from unknown (10.1.10.142) by l7.egroups.com with QMQP; 24 Sep 2001 19:08:10 -0000 Received: from unknown (HELO sirius.infonex.com) (63.215.252.2) by mta3 with SMTP; 24 Sep 2001 19:08:08 -0000 Received: from localhost (partners@localhost) by sirius.infonex.com (8.8.8/8.8.8) with SMTP id MAA27198 for <iwar@yahoogroups.com>; Mon, 24 Sep 2001 12:08:07 -0700 (PDT) X-Authentication-Warning: sirius.infonex.com: partners owned process doing -bs X-Sender: partners@sirius.infonex.com To: iwar@yahoogroups.com In-Reply-To: <4.3.2.7.2.20010924114159.00b61560@poptop.llnl.gov> Message-ID: <Pine.SOL.3.96.1010924120328.26970A-100000@sirius.infonex.com> From: 7Pillars Partners <partners@7pillars.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 24 Sep 2001 12:08:05 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: Re: [iwar] [fc:Research.slaps.crypto-banning.Feds] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit I agree with your conclusions, Tony. I laughed through most of the paper. This one reminded me of my recent experience at DefCon9 when a 'hacker' was talking about 'cypherpunk-grade' unmonitorable communications. I left after 10 minutes, and that was stretching my patience. It was clear that the people involved in the project had no real world experience in intelligence or tradecraft, and it was reflected in their assumptions and design (which, as opposed to being useful, would instead get personnel killed). The paper here struck me as essentially the same thing, and it was a true shame. What was the last password that -you- used that would fall to a dictionary attack? I haven't been that sloppy in decades. I don't think Al-Qaida is that sloppy either. MW On Mon, 24 Sep 2001, Tony Bartoletti wrote: > Although the hype about "widespread use of crypto/steganography by > terrorists" is probably overblown, I am curious how any group could examine > a graphic image to determine if steganography were in use. Aside from > thousands of possible encoding schemes that could be used to embed a > "plain-text" message, one must consider that the text could easily be > obscured beforehand by some combination of compression or otherwise "weak" > encryption. The combinations and variations are staggering, and if you > don't hit upon the right one, you see nothing out of the ordinary. > > As much as I oppose "crypto-banning" in general, I find the statement "The > researchers discuss, and dismiss, the possibility > that strong passwords were being used" to be patently self-serving. > > ____tony____ > > At 10:54 PM 9/21/01 -0700, you wrote: > >Research slaps crypto-banning Feds > > > >By Andrew Orlowski in San Francisco > > > >Posted: 22/09/2001 at 01:03 GMT > > > >While America's own fundamentalists - led by US Attorney General John > >Ashcroft - prepare the most draconian assault on Americans' civil > >liberties since the second world war, their very own causus beli seems > >to be vanishing. > > > >The enormous increase in surveillance has been justified by claims that > >terrorists are using cryptography, and in particular steganography: the > >art of hiding information. USA Toady has run a series of articles on > >the theme, all predictably quoting 'anonymous' security sources, > >describing how messages are passed hidden in picture innocuous picture > >files on sites such as eBay. > > > >Or maybe, not so innocuous. The tabloid even managed to score a > >tasteless bullseye last week with an article that combined pornography, > >cryptography, terrorism and sport in the same article. For any readers > >who doubted the message, it was illustrated with a picture of /bin/laden > >himself. > > > >But steganography isn't nearly as widespread a threat as you'd believe. > > > >A research paper published a fortnight before the attacks on US > >civilians and made public this week has discovered no examples of > >steganographic content on eBay whatsoever. > > > >Having exhaustively examined two million images on eBay, not one was > >found to contain steganographic content, according to academics Niels > >Provos and Peter Honeyman, who've published the paper at the University > >of Michigan's website. > > > >15,000 of the two million images were deemed to have some form of > >steganographically-encrypted content by the JPIIhide program. But after > >subjecting the images to dictionary attacks, not a single hidden message > >was discovered. The researchers discuss, and dismiss, the possibility > >that strong passwords were being used. In short, they conclude, there > >is no significant use of steganography on the Internet. > > > >Put in context, this research could simply prove that terrorists don't > >use eBay to as a source for populating their model Ewok Villages. > > > >But more seriously it rubbishes one of the primary reasons for cracking > >down on personal privacy in the US. > > > >The paper, available in Postscript or PDF formats (and rendered in that > >spidery font that cryptographers seem to love) is a 800KB download > > > > > >------------------ > >http://all.net/ > > > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > Tony Bartoletti 925-422-3881 <azb@llnl.gov> > Information Operations, Warfare and Assurance Center > Lawrence Livermore National Laboratory > Livermore, CA 94551-9900 > > > > > > > ------------------ > http://all.net/ > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/XrFcOC/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:49 PDT