Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We're talking about crypto on this thread. I see the controversies over government access to communications differently than you do, but I'm not particularly interested in litigating the issue. The federal government has not subverted cryptography in any meaningful way; industry does a perfectly great job of doing that job for them.

You have a lot more to fear from the Linux devs "cleaning up" OpenSSL's CSPRNG than you do from the NSA.



But this is not true. David Wagner and Ian Goldberg (the cryptographers who cracked GSM) have documented that the encryption used was purposefully weakened to enable realtime software decryption of voice calls.

This was back in the late 1990s and there was a lot of discussion on the cryptography usenet group at the time (i.e. http://www.mail-archive.com/cryptography@metzdowd.com/msg007...) but there is a fairly readable mass market piece here (http://scard.org/gsm/pr/nytimes/). I'm only an amateur when it comes to this stuff, but why do you think David Wagner is wrong?


That happened in the 1990s. At the same time, the US Government tried to directly criminalize unregulated sales of encryption. They lost both fights: in 2012, it is easier than it has ever been to encrypt phone calls in a manner that prevents LEOs from eavesdropping on them.


That's true for phone calls for people that know how to do this. However:

1. Most people are unable to do this technically.

2. The fact that you do it may constitute prima facie evidence of being a person of interest.

3. The government is trying very hard to get the means to wiretap VoIP.

4. It doesn't address traffic analysis at all. I know you said you aren't concerned about this, but there are plenty of people who are, and the government is going like gangbusters (literally, I guess) toward this.


What does "prima facie evidence of being a person of interest" even mean? You can be a person of interest simply by virtue of build and hair color.

The US Government hasn't restricted traffic analysis, and indeed nothing they have ever proposed W.R.T. encryption could have controlled traffic analysis.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: