DnA 7-3: Introduction to PGP and the Encryption Standard
by M. Theroux
One of the more interesting things concerning the world of cryptography has been the government's recent attacks on PGP. PGP, the public key encryption system developed by Phil Zimmermann, has been widely acclaimed as the "one" the NSA can't crack. This absurd notion is being propagated by many who fancy themselves knowledgeable in computer-related cryptography. These neophytes bleat that the government's attacks on PGP are proof that the program is invincible even to the NSA's expertise and technology. It has been justly stated that to become an "expert" in cryptology one must first pay one's dues cracking code. It is probable that none of the amateurs touting "uncrackable" have so much experience. If they had, they certainly wouldn't so blatantly display their ignorance with such statements.
Far more disturbing is the scenario which develops out of this. On many conferences devoted to data encryption, this thread has evolved into rallying support for PGP and a push to adopt it as a STANDARD for data encryption. It is not my intention to knock PGP or its quality. It is one of the finest encryption programs available to the public. But adopting it as a standard is just what the "fed" wants, as you will soon discover. Let's first examine the plan of attack. The government wishes to enforce a "standard" and introduces the "key-escrow" system.
Key-escrow encryption programs are loosely based on the public key concept. Two independent escrow agents each hold half the key needed to decrypt a message. Any communications made on this system would be automatically channeled to a gov't databank which can't be accessed without both keys. It gives the gov't a passkey. Enter the infamous "Clipper Chip".
In the first phase of the Key Escrow policy, AT&T will market telephones with the government's Clipper Chip built in. Communication from one "Clipper" phone to another will be encrypted and will utilize the key escrow system. This is obviously analogous to the gov't installing a bug in your home, and promising not to listen in without a court order. It is made quite obvious that they will be in charge of the keys and "will not snoop". Then the name "Capstone" is openly plastered about; its semantical evidence boldly displayed to all who understand the significance of "The Great Seal" on a dollar bill.
Capstone is the newest NSA key escrow chip. Capstone was developed for computer modems to track ("track" being the operative word) electronic communications, in much the same fashion that the Clipper monitors telephone conversations.
Naturally, the people unite against the government's imposition of encryption standards, and unwittingly adopt their own. The rationale of the government's attacks on PGP becomes twofold. First, their attack has succeeded in bringing about the adoption of an encryption standard, and second, they have powerfully deterred the public from writing other equally useful encryption programs.
Although this may come off as wild conspiracy, it is as valid as any argument, and should, of course, be thoroughly examined by each individual. A quantity of different encryption programs would obviously override any single standard in its ability to confound cryptanalytic attack. Privacy IS a right. Something to think about.
Michael Theroux
Cryptographic Arts
Borderlands BBS
707-826-1124