Commentary and information about public safety and security, intelligence and counterintelligence, open government and secrecy, and other issues in northern Idaho and eastern Washington.

Location: Coeur d'Alene, Idaho, United States

Raised in Palouse, WA. Graduated from Washington State University. US Army (Counterintelligence). US Secret Service (Technical Security Division) in Fantasyland-on-the-Potomac and Los Angeles. Now living in north Idaho.

Tuesday, August 09, 2005

Sex Offender Uses Public Key Cryptography

The Spokesman Review is running a story headlined Duncan encrypted data on computer. The article was attributed to Dave Forster of the Fargo (N.D.) Forum. Forster reports that accused killer Joseph Duncan encrypted some tell-all entries in his computer, bragging that it would take decades to "break" the messages.

Duncan may very well be telling the truth. The technology to encrypt and decipher text material is readily available...for free...to anyone who wants it. It is generically referred to as "public key cryptography."

Some years ago, the National Security Agency (NSA) tried unsuccessfully to stop Phil Zimmermann from making Pretty Good Privacy (PGP) available to the public. The NSA, our government agency charged with all things cryptographic, was reasonably concerned that PGP would make counterintelligence and law enforcement much more difficult. The NSA was right.

Yet in today's world of electronically stored and communicated information, the need for public key cryptography to help people protect and verify the authenticity of their identities and information is legitimate.

For access to a very good tutorial about obtaining and using PGP, go to the Working to Halt Online Abuse website. It has useful links to the PGP website.

There are several other encryption and verification programs available. I happen to like and use PGP. I don't know what encryption program Duncan used, but most of the better ones are similarly difficult to break.

The passphrase is a string of characters Duncan would have to remember and accurately enter to decipher what he had encrypted. The key to breaking Duncan's passphrase (pun very much intended) may very well already be in investigators' hands as writings or other documents. The private key, the passphrase, could be any string of characters.

Duncan would have to remember or have access to his passhrase to retrieve his own encrypted data only if he had any interest in retrieving it. If he had no interest in ever retrieving what he had encrypted, he would simply use an extremely long random-character passphrase to encrypt his file. Then he would simply forget the passphrase. That would make it impossible for Duncan to ever retrieve his own data, and it would be almost but not quite impossible for properly resourced cryptographers to retrieve it.


Post a Comment

<< Home