Key Recovery Systems

As stated before, the point of cryptography is a properly designed cryptosystem that makes it essentially impossible to recover encrypted data without knowledge of the key used. The problem of lost keys, and of being locked out of one's own data as a consequence, speaks in favor of key recovery systems. The counterargument is confidentiality: as soon as a way to recover a key is provided, the chances of abuse grow. Finally, it is the state that does not want to provide too much secrecy. On the contrary. During the last 20 years there have been endless discussions about the state's need and right to restrict private cryptography, as governments rarely care for the benefit of private users if they believe they can catch essential information about any kind of enemy, and hence look for unrestricted access to all keys. The list of "key recovery," "key escrow," and "trusted third-party" encryption requirements suggested by governmental agencies covers all the latest developments and inventions in digital technology. At the same time the NSA, one of the world's most advanced and most secret enterprises for cryptography, worked hard to get laws passed that forbid the private use of strong encryption in one way or another. Still, it is also organizations like this one that have to admit that key recovery systems are not without weaknesses, as the U.S. Escrowed Encryption Standard, the basis for the famous and controversially discussed Clipper Chip, showed. The reason for those weaknesses is the high complexity of those systems. Another aspect is that key recovery systems are more expensive and certainly much less secure than other systems. So, why should anyone use them? In that context, one has to understand the legal framework for the use of cryptography, a strict framework, in fact, and one in sharp contradiction to the globalised flow of communication.
Timeline 00 - 1600 AD

3rd cent. Leiden papyrus: medical information is enciphered to stop abuses
8th cent.
- Abu 'Abd al-Rahman al-Khalil ibn Ahmad ibn 'Amr ibn Tammam al Farahidi al-Zadi al Yahmadi finds the solution for a Greek cryptogram by first of all working out the plaintext behind the encryption, a method that never went out of date. Afterwards he writes a book on cryptography.
- cipher alphabets for magicians are published
1250 the English monk Roger Bacon writes descriptions of ciphers. At that time the art of enciphering was a popular game in monasteries
1379 Gabrieli di Lavinde develops the nomenclature-code for Clement VII (114); a code-system made out of ciphers and codes, which remained irreplaceable until the 19th century
1392 (probably) the English poet Geoffrey Chaucer writes the book The Equatorie of the Planetis, which contains several passages in ciphers made out of letters, digits and symbols
1412 for the first time ciphers including different substitutions for each letter are developed (in Arabic)
~1467 invention of the "Captain Midnight Decoder Badge", the first polyalphabetic cipher (disk); the inventor, Leon Battista Alberti, also called the father of Western cryptography, uses his disk for enciphering and deciphering at the same time
15th/16th century nearly every state, especially England and France, has people working on en- and deciphering for them
1518 the first printed book on cryptology is written by the German monk Johannes Trithemius. He also changes the form of the polyalphabetic cipher from disks into rectangles
1533 the idea of taking a pass-phrase as the key for a polyalphabetic cipher is realized by Giovan Batista Belaso
1563 Giovanni Battista Porta suggests using synonyms and misspellings to confuse cryptanalysts
1585 Blaise de Vigenère has the idea to use former plaintexts or ciphertexts as new keys; he invents the
1587 Mary, Queen of Scots, is beheaded for the attempt to organize the murder of Queen Elizabeth I, whose agents find out about Mary's plans with the help of decryption
1588 the first book in shorthand is published
Governmental Regulations

The new U.S. regulations are based on the Wassenaar Arrangement Revision of 1998, where exports without license of 56 bit

For more information see:

Seven states stay excluded from the new freedom. These are states like Libya, Iraq, Iran, North Korea and Cuba, all of them states regarded as supporting terrorism. No encryption tools may be exported into those countries.

This is what happened in the USA, whereas in Germany the issue of a cryptography law is still on the agenda. Until now, in Germany, everyone can decide for her-/himself whether she/he wants to encrypt electronic messages or not. Some organizations fear that this could change soon. Therefore an urgent action was organized in February 2000 to demonstrate to the government that people want the freedom to decide on their own. One governmental argument is that only very few people actually use cryptography. Therefore the urgent action is organized as a campaign for using it more frequently.

For more information on this see:

Other European countries have more liberal laws on cryptography, like France. Austria doesn't have any restrictions at all, probably more because of a governmental lack of interest than out of an acceptance of freedom.

The (former) restrictions in the bigger countries influenced and hindered developments for safer key-systems, e.g. key length was kept extraordinarily low.

"Due to the suspicious nature of crypto users I have a feeling DES will be with us forever, we will just keep adding keys and cycles (...). There is a parallel between designing electronic commerce infrastructure today that uses weak cryptography (i.e. 40 or 56 bit keys) and, say, designing air traffic control systems in the '60s using two digit year fields. (...) Just because you can retire before it all blows up doesn't make it any less irresponsible." (Arnold G. Reinhold)

The Chinese State Encryption Management Commission (SEMC) announced in March 2000 that only strong encryption tools will have to be registered in the future. What sounds so nice at first sight does not mean a lot in reality: any kind of useful encryption technique, like the

The restrictions and prohibitions for cryptography are part of the states' wish to acquire more control - in the name of the fight against crime, probably? Because of emerging organized crime, governments want more freedom to control citizens. Organizations like the NSA appear as the leaders of such demands. What about civil rights or Human Rights?