A proper law

Brian Gladman brg at gladman.plus.com
Thu, 6 Mar 2003 11:08:41 -0000


----- Original Message -----
From: "David Hansen" <davidh@spidacom.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Wednesday, March 05, 2003 6:01 PM
Subject: Re: A proper law


> On 5 Mar 2003 at 17:22, Ian G Batten wrote:
>
> > > If a communication is really that important
> > > encryption can be broken by massive computer power.
> >
> > Untrue.
>
> I'll let others with more knowledge of the subject argue it out. I
> have yet to see convincing arguments that the sky is falling in.
> Indeed I clearly recall one of the main public proponents of this
> mantra accepting that they had been mistaken.

The answer here is very different depending on whether we are considering
practice or principle.  In principle all ciphers except the OTP are
insecure.

In practice, faced with an abstract data stream encrypted using a modern
encryption and authentication mode (e.g. AES-CTR + HMAC-SHA1), there is
currently no known practical way of obtaining its unencrypted content
without access to the key.

However, irrespective of the strength of the encryption being used, there
are many practical attacks if encryption or decryption is carried out on a
computer system to which an attacker can gain overt or covert access.

But I very much agree with your view that there is no evidence to suggest
that the availability of strong encryption is 'causing the sky to fall in'.
After seeking such evidence on a worldwide basis it seems that we have only a
very small number of cases where encryption has even been an issue and fewer
still where encryption has resulted in law enforcement failures.

GAK in RIPA is an unnecessary and wasteful diversion of effort and one that
will consume resources that could be far more effectively used elsewhere.

    Brian Gladman