PGP and HMG

Peter Fairbrother peter.fairbrother at ntlworld.com
Sun, 06 May 2001 19:08:09 +0100


> [snip]
>> One reason for the Govt. to keep its own codes secret is that the crypto
>> used is supposed to be unbreakable, and if we know what they use then we
>> might get an idea of what is breakable and what isn't. Or even just a view
>> of the state of the art.
>> 
>> Or not...
>> 
>> -- Peter
> [snip]

> Nexus at nexus@patrol.i-way.co.uk wrote:

> If that is the case, surely it would withstand any amount of public scrutiny
> from the academic and security world ?
> Is that not the mark of a good crypto system ?
> Oh, and talking of OTP variants, am I allowed to mention BATCO ? ;-)
> 
> Cheers,
> JJ
> 


There are two kinds of cryptology - the open kind and the secret government
kind. They may in fact be pretty similar but the public can't be allowed to
know that. GCHQ/NSA (almost) never make comments about cryptology and
whether any cypher can be broken - they want to keep their kind secret.

They want their targets to think they can't break a cypher, when they can.
They want their targets to use and trust such a cypher. This is the best
situation for them. They will lie, cheat, suborn, blackmail, threaten,
frame, imprison, torture, murder, do almost anything to achieve it. Next
best is social cryptanalysis. Then comes traffic analysis.

A long time ago they decided that the best way to preserve their secrecy was
to say nothing at all. Their first rule is to give an opponent no data to
analyse. It's a good rule when it can be used. One reason it doesn't work
with cryptosystems for public use is that the details of the cryptosystems
can't be kept from opponents. The Govt can keep its crypto secret from the
public, if it limits the people with access to it. The other main
disadvantage of STO is not relevant (they will know when their secrets have
been compromised as their opponents, the public, will tell them) (by the
public I mean the open crypto sector).

The recent "statement" that it takes at least a day to break PGP is a
glaring exception, and I wonder if someone will get fired for it, whether
it's true or clever misdirection. If someone proved that it was a lie then
they would know that PGP is breakable. If they proved that it was true then
they would _know_ something about Govt. crypto capabilities. No data to
analyse means no data at all.

Anyway, while Govt. codes _might_ pass public scrutiny, that's one reason
why they can't let the public see them to scrutinise.

-- Peter


<musings> 
Don't be disheartened by not knowing what the spooks can do. It's a bit like
quantum mechanics - while you can't know the details, there is still data
you can extract and use to make transistors or cyphers.

An example - while the spooks may or may not be able to crack egPGP, they
aren't going to admit it if they can, or offer decrypts in evidence. They
need RIPA for that. And they aren't likely to let LEAs know about it
either. So unless you are doing something bad enough to really piss them
off, and in that case they would probably send round the MIB or the
Tomahawks instead, egPGP is still secure against LEAs and broken
cyphertexts being used in evidence, whether or not the spooks can break it.
</musings>