Re: crypt

To: Rick Jones <rickya@siservices.net>
Cc: Nathan E Norman <nnorman@cfni.com>, Timothy Phan <tphan@asl.dl.nec.com>, Debian User <debian-user@lists.debian.org>
Subject: Re: crypt
From: Vadim Vygonets <vadik@cs.huji.ac.il>
Date: Sat, 31 May 1997 01:58:31 +0300 (IDT)
Message-id: <Pine.BSI.3.96.970531014228.8436C-100000@robin.cs.huji.ac.il>
In-reply-to: <Pine.LNX.3.96.970530133437.7273A-100000@localhost.localnet.>

Ok, first I'd like to say, that although I know Rabin and Shamir (the
R and S from RSA, not the Israeli prime ministers) personally, I have
no clue in cryptography, and I do respect what Rick says, but...  But.

On Fri, 30 May 1997, Rick Jones wrote:

> These are not "strong" encryption methods.  The government and RSA want
> you to think they are but the fact is they aren't.  I guarentee you the
> government can make short work of these encryption methods.

[...]

> This is completely false.  I don't care what is done to a password.  If it
> is constant and repeatable, as password's need to be, then it's only a
> matter of time.  If the method ispublic knowledge as with the source code
> to encrypt passwords, it can be decrypted in no time.

Well, the question I have to you is a logical one: if you say that the
Unix password crypting method and even RSAREF are weak encryption
methods, then why doesn't anyone actually say it in public?  Do we
have so few cryptologists on the Net?  I was sure that the only method
to decrtypt Unix passwords is to use the method that the crack program
uses -- to try each and every one of them.  But, as far as I
understood you, you are saying that there is a possibility to do it
with crypto-analysis.  Then, why haven't anyone done it until now?
And do you know people who can do it?

> These are the only methods available because of restrictions.  They are by
> no means strong, or decryption proof.  The whole idea is that not many are
> going to go to the extremes it takes to actually break these things.

Which restrictions?  USA is not the only country (and even not the
only country with smart people) in this world, so how can one
government control the Net?

> Anyone that doubts me when I say these encryption methods are like table
> scraps the government allows us to use (possibly because they can break
> them while having coffee) is a fool.  Flame me if you like.  I'll only
> laugh at your ignorance and government brain-washing.

Just a second, I am in Israel, people on this list are in Ireland,
Jamaica and Brasil, so what have we got to do with _your_ government?
I'm allowed to use any encryption system I can get.  And yes, please
explain me that bit about Zimmerman's case in FBA -- what does it
worth if PGP is so weak?

> I have the knowledge and will spread it whenever possible because I know
> what the government is doing when they regulate this stuff.  They want to
> make sure that if they can't controle the internet they can at least know
> what everyone is saying to each other.

Huh, the Net is too big even to auto-scan it all.  Again, can USA
control the line between Israel and Finland, which goes through
Switzerland (as far as I remember)?

> Do you doubt me :-)

I respect you, but I doubt you.

Vadik.

--
Vadim Vygonets * vadik@cs.huji.ac.il * vadik@debian.org * Unix admin
The fish doesn't think, because the fish knows...  everything.
	-- Arizona Dream

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: crypt
  - From: Rick Jones <rickya@siservices.net>

Prev by Date: Re: exim and virtual domains
Next by Date: Re: PPP,Samba and Linux
Previous by thread: Re: crypt
Next by thread: Re: crypt
Index(es):
- Date
- Thread