
At long last, an alternative to DES became a standard. On November 26,
2001, NIST Federal Information Processing Standard Publication 197,
“The Advanced Encryption Standard” (AES) was published. The multi-year
process of moving away from DES could at least begin. On July 26, 2004,
NIST announced its proposal to withdraw DES as a standard altogether.
In that announcement, NIST said simply, “DES is now vulnerable to key
exhaustion using massive, parallel computations.” The proposal’s
request for comments period ended on September 9, 2004. It would seem
that in answer to Peter Trei’s October 1, 1996 question, yes, we can
kill single DES.

Instead of being limited to 56-bit keys, we now have a standard in AES
with variable key sizes available, providing as much as 256 bits of
protection.

278 CHAPTER 41

DES might have been replaced without the RSA DES Challenges—the
process for replacement did start at NIST before DES fell to a brute
force attack. On the other hand, NIST’s AES announcement did come
after RSA announced that it would launch the contests, and the failure
of DES to withstand three public brute force attacks between 1997 and
1999 might have proved to be just what was needed to keep pressure on
NIST to follow through with the standard.

What is less clear is whether cryptography would be free today without
the DES Challenges. DESCHALL and its successors were often cited by
lawmakers who kept efforts to repeal restrictions on cryptography
alive in Congress; efforts of lawmakers to limit cryptography failed
in 1997. Subsequent debate over cryptography continued, until the SAFE
bill—reintroduced into Congress yet again in 1999—began to pick up
broad support. Even Senator John McCain, who had worked to defeat
cryptography liberalization efforts in the Senate, became a believer
in the virtues of free cryptography and supported SAFE.

In December 1999, even the White House had changed its position. New
cryptography regulations were released, allowing for a wide variety of
“automatic exemptions” from export restrictions. Subsequent tinkering
led to an even more liberal policy: with a few exceptions, even the
strongest cryptography could be exported directly overseas by U.S.
companies.

The pressure exerted by news of RSA’s DES Challenges might well have
been just the force needed to cause the Clinton administration to
reverse its position and to stop fighting industry efforts to address
the global marketplace.

Today, software is different from what it was in 1997. Now, products
come with strong cryptography built in. From both the perspective of
forcing DES into retirement and allowing U.S. companies to participate
in the global market for cryptography, the Crypto Wars—the battle to
liberate cryptography—were won. While neither the DESCHALL group nor
the RSA Secret Key Challenges can take sole credit, both are rightly
seen as major contributors to one of the most critical battles.

While cryptography today is free in practice—through the absence of
restrictions—it is noteworthy that the SAFE bill never did make it to
the Senate floor, and its provisions prohibiting the government from
introducing requirements for restricted cryptography never became law.

As a result of improved protection and reclaimed liberty, in 2004,
many more people are accustomed to the idea of encryption and how it
protects their information against threats to confidentiality and
integrity. While they don’t usually understand what exactly it means,
they know the difference between “secure” and “unsecured” when they’re
shopping online. The infrastructure that supports electronic commerce
and global communication is safer against a wide variety of attacks,
and citizens are free to communicate privately with whomever they
choose thanks to cryptography’s accessibility.




We should not conclude that privacy is “solved” because we now have
the freedom to encrypt.

The need to employ cryptography is becoming increasingly obvious, and
not just for the purpose of transmission of information. Information
stored in computers is now being encrypted with greater frequency.
Even where information technology users have not historically been
especially sophisticated (such as health care), industry regulation
designed to improve the accountability of information handling now
requires encryption of certain types of information under certain
circumstances.

Cryptography is now also being used for more controversial purposes,
and what appears to be the sequel to the Crypto Wars is already
underway. This time, it isn’t the balance of rights between
individuals and their government, but consumers and the vendors who
sell them things.

Consider the use of cryptography in new media, such as DVD players.
Most DVDs produced are now encrypted, such that the discs will not
play on devices that have not licensed the key needed to unlock the
video stream. The idea is that by having discs secured against
playback except on devices where the manufacturers have agreed to pay
a fee to disc producers and to enforce certain rules, an exclusive
club can be established for the playback of copyrighted work. Film
producers expect that the exclusive club would effectively protect
against the production of illegally copied discs.

Of course, cryptography is not a tool that prevents the copying of
data. Cryptography is a tool that makes data—even if copied—useless to
anyone without the key. Thus, cryptography’s use in DVD players does
nothing to prevent DVDs from being copied. Cryptography in DVD players
only provides an artificial extension of producer’s rights to playback
devices. It’s a little like selling you a copy of this book but having
the text be impossible to read unless you also buy a pair of glasses
with a special chip that only I can sell. You can buy your glasses
from anyone you choose, produced by any manufacturer you like, but the
critical component needed to read the book you’ve already purchased
must always be supplied by me.

That might sound like an anti-consumer position, and lawyers can
debate (and have been debating) the legalities involved. In addition
to the law that has been historically applied in cases like this, the
Digital Millennium Copyright Act (DMCA) is being argued. DMCA, which
became effective in October 2000, updated U.S. copyright law,
strengthening it considerably in favor of copyright holders.

In particular, DMCA prohibits any attempt to defeat an “effective”
technical means of copyright enforcement. Putting the obvious logical
question aside—an effective mechanism would withstand attack, so
what’s the point of prohibiting attack?—we are still left with a
troubling question. If consumers cannot independently verify the
security of such systems and if we cannot understand how these systems
are likely to fail, how are we supposed to ensure their validity? Do
we naively assume that “someone else” has taken care of it?

When faced with a technology that claims to protect publishers’ rights
without infringing consumers’ rights, should consumers and copyright
holders simply accept such claims at face value? Why would such claims
not be subject to the same kind of public dissection and commentary
that affect other rights, as was the case with cryptography?

Princeton professor Edward Felten led a team that responded to a
challenge to crack technologies under consideration for the protection
of digital information put forth by an industry group, the Secure
Digital Music Initiative (SDMI). Felten’s paper describing his inquiry
and findings was scheduled for publication in a scientific context, at
the Fourth International Data Hiding Workshop in April 2001. Upon
learning that Felten’s paper was to be published, SDMI and the
Recording Industry Association of America (RIAA) threatened to sue
Felten for violating DMCA because Felten’s analysis of their digital
“watermarking” methods showed how they could be defeated. After some
threats of litigation were dropped and others resulted in suits being
filed, the paper was finally published in August 2001 at the USENIX
Security Symposium.[21] (Other researchers have chosen to censor
themselves rather than face threats of litigation by large industry
cartels.[22])

Imagine a system designed to track the activity of Web users
surreptitiously, employing cryptographic mechanisms to hide its
activity—many of these systems have been discovered and
documented.[23] If the user of a system wants to see what’s happening,
would he simply have to take the software manufacturer’s word at face
value? Would a manufacturer attempt to use DMCA to prevent analysis
and commentary on technology that impacts the lives of its users?

In his book Code and Other Laws of Cyberspace, Lawrence Lessig makes a
compelling argument that the technology all around us, the basis of
our information infrastructure, is not inherently resistant to
centralized control. Among the forces affecting the way that these
systems work is the law. Because law also affects other forces, such
as the market, it has a disproportionate influence.

As a consequence of DMCA, there is a body of law granting rights to
copyright holders over how consumers may use their own devices, that
they may not use them in such a way that mechanisms to protect the
content are subverted. Indeed, part of that “protection mechanism”
could involve having playback devices “phone home” to report user
activity to the vendor.

As a result of the Crypto Wars, there is now largely an absence of law
regarding the government’s control of cryptography; citizens may use
cryptography to communicate without government inspection. Copyright
owners may also use cryptography to prevent consumers from seeing what
playback devices are reporting when “phoning home.” Hence,
increasingly strong publishers’ rights in combination with the freedom
of cryptography can present a danger to consumers. Simson Garfinkel’s
Database Nation covers the topic of privacy more generally, but one
important point should be made here: privacy is not a “solved problem”
because we are free to use cryptography. The people and organizations
who want to watch our actions, whether for profit, to do us harm, or
simply to get a cheap thrill are also free to encrypt.

Efforts to liberate cryptography have succeeded, and the world is now
different as a result. In many ways, we’re safer. In other ways, we’re
not. What is important to understand is that technology is amoral; it
is neither good nor bad. Only people—free moral agents—can act to good
or bad effect. Whether the freedom to encrypt helps us or hurts us
ultimately depends on what we do with that freedom.

Notes




1 Cipher Deavours and Louis Kruh. The Commercial Enigma: Beginnings of
Machine Cryptography. Cryptologia, 26(1), January 2002.

2 Jennifer Wilcox. Sharing the Burden: Women in Cryptology during
World War II. NSA Web Site, March 1998. [online]
http://www.nsa.gov/publications/publi00014.cfm.

3 Stephen Budiansky. Battle of Wits. Free Press, 2002.

4 G Johnson. Claude Shannon, Mathematician, Dies at 84. The New York
Times, February 27, 2001.

5 Claude E. Shannon. A Mathematical Theory of Communication. Bell
System Technical Journal. 27:379-423 and 623-656, July and October
1948.

6 Claude E. Shannon. Communication Theory of Secrecy Systems. Bell
System Technical Journal. 28:656-715, October 1949.

7 Tom Athanasiou. DES and NSA’s New Codes. In Peter G. Neumann,
editor, RISKS Digest, volume 6, January 1987.

8 Simon Singh. The Code Book. Anchor, 1999.

9 D. Kahn. The Codebreakers: The Story of Secret Writing. Macmillan
Publishing Company, New York, USA, 1967.

10 Robert Morris. The Data Encryption Standard—Retrospective and
Prospects. IEEE Communications Society Magazine, 16(6):11–14,
November 1978.

11 National Bureau of Standards. Data Encryption Standard. Federal
Information Processing Standards Pub. 46, Washington, D.C., Jan. 1977.

12 Ruth M. Davis. Data Encryption Standard in Perspective. IEEE
Communications Society, November 1978.

13 Hayden B. Peake. The VENONA Progeny. Naval War College Review,
53(3), Summer 2000.

14 Steven Levy. Crypto. Viking, 2001.

15 Technically speaking, searching the keyspace would not take longer,
but there would be more post-production work required to separate a
possible match from a correct match. The difference, in practice, is
negligible.

16 Germano Caronni and Matt Robshaw. “How Exhausting is Exhaustive
Search?” CryptoBytes 2(3), Winter 1997.

17 The DESCHALL mailing list archives are still available online at
http://www.interhack.net/projects/deschall/.

18 András Salamon. Internet Statistics. [online]
http://www.dns.net/andras/stats.html, February 1998.

19 The first edition is online at http://www.crypto.com/papers/.

20 The official abbreviation, which appears in RSA’s documentation,
specifies more detail about the exact configuration of RC5 than just
the key size. RSA wrote the fifty-six-bit version of RC5 as
“RC5-32/12/7,” which specified the “word size” (thirty-two bits), the
number of “rounds” (twelve) the cipher would use, and the number of
bytes for the key (seven, times eight bits for each byte gives us
fifty-six bits).

21 Information on the controversy and the paper itself can be
downloaded from Princeton at http://www.princeton.edu/sip/sdmi/.

22 Cryptographer Niels Ferguson has an essay on this topic,
“Censorship in action: Why I don’t publish my HDCP results.” It can be
found online at http://www.macfergus.com/niels/dmca/cia.html.

23 One such system, PC Friendly, comes standard on many DVDs. See
http://www.interhack.net/pubs/pcfriendly/.

Index




1997 Secret Key Challenge, 44–45

Adleman, Len, 41
Advanced Encryption Standard, 273
Ahn, Dave, 183
AIX, 44, 95
Ajtai, Miklós, 179
Albertelli, Guy, 95, 147, 189
Alphabetical Typewriter 97, 5
American Bankers Association, 20
American Civil Liberties Union, 213
American National Standards Institute, 20
Americans for Tax Reform, 213
Anderson, Ross, 229

Bradley, Jeremy, 148
Brooks, Piete, 64
Brown, Mikael, 148
brute force, 16, 19–21, 23–27, 53–55, 57, 127
    DES Challenge II, 271
    DES Challenge III, 272
    hardware, 61
    of 56-bit RC5, 271
    parallelization, 58
    software, 59–61
BSD Unix, 44
Bureau of Export Administration, 71
Burns, Conrad, 163, 255, 269

Caesar Cipher, 27
