[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Neues Krypto-Tool fuer Instant Messaging, gegen Ueberwachung
Infowar.de - http://userpage.fu-berlin.de/~bendrath/liste.html
--------------------------- ListBot Sponsor --------------------------
Start Your Own FREE Email List at http://www.listbot.com/links/joinlb
... das auch Staganografie verwendet (Daten in Fake-Daten verstecken). Ich finde
das ganz spannend, wie die Computerszene auf Überwachungsvorhaben reagiert, vgl.
die Geschichte von PGP. Am Ende wird aber wohl doch wieder die politische und
öffentliche Meinung den Ausschlag geben, wie man von Lawrence Lessig lernen
Carnivore 'No Problem' for New E-Mail Encryption
By Tim McDonald, www.NewsFactor.com, 6/18/2001
If a new software research project proves successful, Web surfers will
be able to send secure e-mail and instant messages that are not only
automatically encrypted, but are further hidden from prying eyes by a
stream of fake data.
A research team led by Nikola Bobic, a part-time professor at Ottawa
University, aims to create a virtual network on the Internet called
"Cryptobox", which would be similar to peer-to-peer systems like
Cryptobox members would be able to communicate anonymously with one
another, if they chose, without bothering with the complicated and
time-consuming steps today's encryption technology entails.
Bobic said he and his team don't claim the system is 100 percent secure.
"Anyone in the industry who claims something like that is selling snake
oil, and everyone should be advised to stay away," Bobic told NewsFactor
"What we are doing is creating sets of barriers that an attacker will
have to successfully break," Bobic said. "No matter how impossible and
improbable these steps are, the possibility does exist that someone will
break Cryptobox... but an attacker would need extraordinary resources to
read your messages."
Bypassing FBI Surveillance
Despite the beliefs of many Web surfers, today's Internet communications
are far from secure. Anyone with the knowledge and will to tap into a
network at the relevant points can read e-mail and instant messages. One
example is the FBI's controversial e-mail surveillance program, formerly
known as Carnivore, which is under fire from lawmakers and privacy
"From the information that we've been seeing, Cryptobox would have no
problem circumventing all of Carnivore's attacks," Bobic said on his Web
Also, encrypted messages have weaknesses -- an eavesdropper may be
unable to decipher a particular message, but could determine the
identities of the two parties communicating. The Cryptobox system, say
its designers, broadcasts the message within a stream of fake data,
"making it difficult for eavesdroppers to pick out genuine messages in
the first place."
Bobic and his team say the more "socially conscious purpose" of the
project is to combat increasing Internet censorship, and they "dedicate"
Cryptobox to oppressed people around the world.
"We are hoping that an (application) like this will help them
disseminate their views freely and without any fear of prosecution."
Normal encryption methods are rather cumbersome, involving two people
using compatible software who must exchange "keys," or pieces of code
for each exchange. There are also secure e-mail services that have
encryption built into Web browsers.
With Cryptobox, users would first download a program. Then, in order to
communicate with another member, the user would enter the user ID of the
person he or she wanted to communicate with. The system would
automatically exchange encryption keys each time. Both members would
have to be connected at the same time; the program can be left running
in the background.
Skeptics point out the inherent difficulty in combining such
sophisticated security with usability. However, the Cryptobox team
claims to have successfully tested it with an instant messaging system
earlier this year with 40 real users combined with 200 artificial
clients on the network. The software is scheduled to be released by the
end of this year.
Bobic admits the system is similar to existing technologies from
companies such as Zero Knowledge -- and particularly the peer-to-peer
file sharing system used by Freenet -- both in its design and the use of
encryption. But he claims there are many differences, including the fact
that Cryptobox uses no disk storage and caches no shareable data.
Cryptobox is intended to be an instant messaging application, but on its
completion its designers say it can be extended to a small file-sharing
application, such as Voice over IP. It supports the Windows and Linux
Bobic said he and his team are able to work on the project only
part-time, and are actively soliciting anyone who wants to contribute.
The Cryptobox Web site has both developer and user mailing lists.
To unsubscribe, write to infowar -
- listbot -