ID cards

Sleipnir

You see? this is why I didn't want to respond to Meh's post.
Now it's a pointless argument about whether it's a right or a privilige to drive or walk.
Which is a little off-topic and a pointless debate in any case.

dahamsta

Originally posted by bonkey
From memory, the French have had an ID system in place for a long time now

A mandatory ID system? I don't think so, but I wouldn't swear to it. two or three European countries have, but I don't think France is one of them.

And am I mistaken, or do the US not also have a requirement for ID?

Legally, you're not required to carry ID. In practice, it's getting harder to do stuff without it -- for example, John Gilmore of the EFF won't fly now because the airlines require ID; however this was a civil decision.

There is also legislation (unless memory is failing me) limiting the number of accounts you can have, unless you can supply specific reasons for them.

This is a new one on me. How many accounts?

Originally posted by Kananga
Information on smartcard is not encrypted.
Nor is the IR information a beeper sends out to unlock your car.

Both of these are, for the most part, untrue. The information on the smartcard or keyfob is encrypted, the security issue is not with the encryption, but with the interface. In the case of the keyfob, as has been suggested, you just need to intercept the - encrypted - signal to compromise the system. Same goes for RFID ("wave") smartcards. However a smartcard that needs to be "swiped" is more secure because it's more difficult to sniff.

adam

Sleipnir

Originally posted by dahamsta
Both of these are, for the most part, untrue. The information on the smartcard or keyfob is encrypted, the security issue is not with the encryption, but with the interface. In the case of the keyfob, as has been suggested, you just need to intercept the - encrypted - signal to compromise the system. Same goes for RFID ("wave") smartcards. However a smartcard that needs to be "swiped" is more secure because it's more difficult to sniff.

adam

I meant the swipable cards in this case although I see your point.
Also, on the keyfob data being intercepted thing, here's a simple solution.
Have a different code for locking and unlocking.
If the thief intercepts your code when you're locking you car, it's useless as that code can't be used to unlock your car.
If they intercept your code when you're unlocking your car it's useless anyway cos you're about to get in and drive away!

LFCFan

Originally posted by Kananga
I meant the swipable cards in this case although I see your point.
Also, on the keyfob data being intercepted thing, here's a simple solution.
Have a different code for locking and unlocking.
If the thief intercepts your code when you're locking you car, it's useless as that code can't be used to unlock your car.
If they intercept your code when you're unlocking your car it's useless anyway cos you're about to get in and drive away!

Is it not a case that when you lock your car remotely, the code is changed each time so grabbing the code from the air is useless because the code will have changed for when you're opening it again????

bonkey

Originally posted by Kananga
Encryption algorithms don't have to be completely unbreakable, just almost unbreakable, like it would take 140,000 years to crack.
...
"using the same technology used to crack DES and a 128-bit key, it would take 149 trillion years to crack AES. Now, this was over a decade ago,

You didn't notice the logical fallacy in what you printed?

The time taken to crack AES has fallen by 6 orders of magnitude (thats a million, to you non-mathsy's) in about a decade.

10 years ago, they would have said "150 trillion years". Today, they say "150 thousand years".

So really, ten years ago they *should* have said 150 thousand and ten years".

So, assuming that Moore's Law* continues (and by all accounts, it looks not only set to, but to increase over the next decade), that would mean that in another 10 years time, AES would take a max of a couple of months to crack, and within another decade would take a matter of minutes at most.

So, to say "149,000" years is incorrect, as in all probability it will take less than 20 years.....assuming you don't actually start today.

All of which is assuming also that no-one finds any "shortcuts" to the algorithm. If anyone ever figures a rapid way to factor large numbers quickly, we're screwed without quantum crypto.

(Incidentally, a super-massive database system could, in theory, be capable of "factoring" ridiculously large primes in short order within the next decade as well....which could prove interesting).

jc

* This refers to the exponential increases in computer performance. Effectively, available computing power doubles every 18 months.

dahamsta

Originally posted by LFCFan
Is it not a case that when you lock your car remotely, the code is changed each time so grabbing the code from the air is useless because the code will have changed for when you're opening it again????

Yip, that's true for most modern alarm systems. Most.

adam

Sleipnir

Originally posted by bonkey
You didn't notice the logical fallacy in what you printed?

The time taken to crack AES has fallen by 6 orders of magnitude (thats a million, to you non-mathsy's) in about a decade.

10 years ago, they would have said "150 trillion years". Today, they say "150 thousand years".

So really, ten years ago they *should* have said 150 thousand and ten years".

So, assuming that Moore's Law* continues (and by all accounts, it looks not only set to, but to increase over the next decade), that would mean that in another 10 years time, AES would take a max of a couple of months to crack, and within another decade would take a matter of minutes at most.

So, to say "149,000" years is incorrect, as in all probability it will take less than 20 years.....assuming you don't actually start today.

All of which is assuming also that no-one finds any "shortcuts" to the algorithm. If anyone ever figures a rapid way to factor large numbers quickly, we're screwed without quantum crypto.

(Incidentally, a super-massive database system could, in theory, be capable of "factoring" ridiculously large primes in short order within the next decade as well....which could prove interesting).

jc

* This refers to the exponential increases in computer performance. Effectively, available computing power doubles every 18 months.

That's grand Bonkey, they were talking about using 10 year old technology on a brand new encryption algorithm.
If it takes 20 years to crack the code then that'll do!

The exact amount of time it takes to crack is less important as long as it takes too much time for a person to bother!
Obviously when it get's to the point where the code can be cracked in a few hours then it's time for a new one.

e.g. Distributed.net won the DES challenge setting a new record of 22 hours 15 minutes in the process.
22 hours? Not bad you might think. But, DES is only a 56-bit key and was first adopted over 26 years ago (1977 to be precise) plus Distributed.net used a purpose-built supercomputer called Deep Crack, in conjunction with the idle CPU time of 100,000 PCs linked via the Internet to crack it.
Most people don't have access to that amount of processing power.
And that's only DES 56-bit, the easiest one to crack out there, not AES with a 256-bit key.


If the federal government in the U.S. have adopted AES as the standard then it's good enough for me.

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key

Victor

Originally posted by LFCFan
So once someone turns 17 they don't have the right to drive? Driving a 7 Series BMW is a privalege. Driving is not. We have the right to drive. Actually, Walking could be seen as more of a privalege as we are privaleged to have legs that can carry us. Driving on the other hand is something that we have the right to do once we turn 17.

You are confusing an absolute right with a licenced right.

Originally posted by dahamsta
A mandatory ID system? I don't think so, but I wouldn't swear to it. two or three European countries have, but I don't think France is one of them.

Most European countries have mandatory ID, France actually being the fascist ones about it (you can always play the fascist card against the German police - but you can't with the French). Much of the ID requirement was a Cold War legacy. These ID cards allow Schengen to work.

Originally posted by dahamsta
Legally, you're not required to carry ID. In practice, it's getting harder to do stuff without it -- for example, John Gilmore of the EFF won't fly now because the airlines require ID; however this was a civil decision.

A friend got stopped for running a stop sign in the states (says he genuinely didn't see it). He was handcuffed and nearly spent the night in jail because he didn't have ID on him.

Originally posted by LFCFan
Is it not a case that when you lock your car remotely, the code is changed each time so grabbing the code from the air is useless because the code will have changed for when you're opening it again????

The car and the fob have the same encryption formula that creates a "random" series of codes, if say the next 10(say) codes will be B, C, D, E, F, G, H, I, J and K (you have just used "A") and you enter one of them it will work. If you enter "L" of "RTDFFS" it won't work. If you enter "A" the system will get paranoid and insist on further checks. That said whos to say there aren't back doors.

bonkey

Originally posted by Kananga
If it takes 20 years to crack the code then that'll do!

I'm simply pointing out that saying "it would take thousands/millions/billions/whateverillions of years" is entirely incorrect and misleading.

If you want to switch and say "22 hours is long enough", thats fine, but stop throwing around these "it will take gazzilions of years to break it", because it won't.

For example, anyone in the 70's who said DES would take a million years to crack (although I think they preferred to go for "longer than the lifetime of the universe") would appear to have been out in their estimations by at least 999,980 years.

I'm simply pointing out that your "sales-pitch" figures are equally unrealistic, not that crypto is inherently unuseable. They are nothing more than inaccurate sales-pitch waffle, used to impress buyers and make the public feel safer than they really are.

I'm not interested in whats secure today...I'm interested in how long it will stay secure.

jc

Vader

if your going to drive you need your license and if you want to go to a pub etc you need ID but to need ID all the time is just crazy.
I dont want to be stoped by a Garda for ID on my way to a shop.:ninja:

Yoda

In the US, there are no mandatory ID cards. The driver's license, however, is carried by almost everyone. It contains your name, your birthdate, your hair and eye colour, your weight, your sex, your address, and a photo of you. In addition, it specifies the kind of vehicle you can drive.

These cards are used routinely by everyone for identification. The photo ID is shown when writing a cheque at the supermarket for instance; the clerk then has cause to believe who you are. Younger people use them as proof of age for purchasing alcohol.

They are pervasive and routine, and no one thinks twice about carrying them. Indeed, the Department of Motor Vehicles in each state also issues non-driver identity cards which do just the same except that you can drive with them. They are sturdy and wallet-sized.

If you get into an accident, they can identify you. If the police stop you for some reason (usually a driving offence of course) they use it to identify you. You can travel between the US and Canada or Mexico with one. They're so ordinary that you can even get baby announcements styled to look like them!

sovtek

Originally posted by Yoda
In the US, there are no mandatory ID cards. The driver's license, however, is carried by almost everyone. It contains your name, your birthdate, your hair and eye colour, your weight, your sex, your address, and a photo of you. In addition, it specifies the kind of vehicle you can drive.

And in Texas you have to give the DPS a electronic scan of your fingerprint. All for benevolent reasons, of course.

Yoda

In 1997 when I applied to be naturalized as an Irish citizen, I had to go to the guards in Phoenix Park station to be fingerprinted. It didn't bother me.

Imposter

Originally posted by Vader
if your going to drive you need your license and if you want to go to a pub etc you need ID but to need ID all the time is just crazy.
I dont want to be stoped by a Garda for ID on my way to a shop.:ninja:

But that's the thing. Unless you're doing something wrong you won't/shouldn't be stopped. But, for example, if you're unfortunate enough to have an accident you can be identified very quickly.

Sleipnir

Originally posted by bonkey
I'm simply pointing out that saying "it would take thousands/millions/billions/whateverillions of years" is entirely incorrect and misleading.

If you want to switch and say "22 hours is long enough", thats fine, but stop throwing around these "it will take gazzilions of years to break it", because it won't.

For example, anyone in the 70's who said DES would take a million years to crack (although I think they preferred to go for "longer than the lifetime of the universe") would appear to have been out in their estimations by at least 999,980 years.

I'm simply pointing out that your "sales-pitch" figures are equally unrealistic, not that crypto is inherently unuseable. They are nothing more than inaccurate sales-pitch waffle, used to impress buyers and make the public feel safer than they really are.

I'm not interested in whats secure today...I'm interested in how long it will stay secure.

jc

First of all Bonkey, why don't you stop mis-quoting me?
It may further your own arguments to do so but it's rude and inconsiderate.

If you want to switch and say "22 hours is long enough", thats fine,

What I actually said was

If it takes 20 years to crack the code then that'll do!

I didn't say it will take a 'gazillion' years to break it irrespective of the fact the computer power will increase. what I said was

Taking that distributed.net took 22 hours to break a 56-bit DES key using a purpose built supercomputer and the idle time of 100,000 computers over the internet.-
1.) How many years will it take for ONE computer to have that much processing power?
i.e. For ONE computer to have the power of 100,000 computers (plus a super computer) currently on the market?
When that does happen (and it will, a good few years away) then we will have ONE computer that will be able to break a DES 56-bit in 22 hours.

Now,

Assuming that one could build a machine that could recover a DES key in ONE second (not 22 hours as above) (i.e., try 255 keys per second), then it would take THAT machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key.

So, when we do have a computer that can break DES56 in one second, that same machine could break an AES128 in 149 trillion years.
That's a fact, it's not a 'sales pitch'

We're comparing like-for-like here. We can't compare with computers 20 years in the future because we haven't managed time travel yet.


And d'ya think maybe someone in a focus-group in the U.S. federal government on encryption (who have taken AES as their stardard encryption for ALL their secure comms) said
"hey, wait a minute guys, we completely forgot to factor in that computers are going to get more powerful too. Doh!"


You want someone to predict the future,
what kind of processors will be out there in 20 years?
How long will it take to break encryption methods we haven't come up with yet?

bonkey

Originally posted by Kananga
First of all Bonkey, why don't you stop mis-quoting me?

I put quotes inside the "quote" tags so they apear like the text above. I haven't misquoted you anywhere.

And if you go back and check yoru initial quote that I took exception to, it was this :

Encryption algorithms don't have to be completely unbreakable, just almost unbreakable, like it would take 140,000 years to crack.
Such as AES with Rijndael.

No reference to unchanging tech, current tech, etc. etc. etc. Just a figure of 140,000 years which you'll notice is the one that I used in my calculations.

Given that this was several orders of magnitude different to the unattributed, partial quote about DES in the same post, I mistakenly assumed they weren't related figures. Apparently I should have known better.

jc

Belfast

Originally posted by Sparks
No. Until I actually commit a crime, I won't accept being treated like a criminal. And being forced to carry identity papers with me at all times is just that. Why not tattoo everyone with their identity barcode? It does everything a mandatory identity card does and it's harder to steal - so why not? Because people wouldn't stand for the idea of being tattooed with serial numbers, for good reason. Mandatory ID cards are pretty much the same thing, except that you can be pickpocketed and the thief can now carry out an act of identity theft in one simple movement of his or her hand.

BTW, what specific problem are identity cards going to solve on their own?

The Government has treated us like criminals for years. I am not allowed to own an Ak47 in case I might commit a crime. This goes against the principle of innocent until proven guilty.

Yoda

Please read what I wrote regarding the use of driving licences as identification cards in the U.S. No one there considers the carrying of such a card to be a violation of civil liberties.

sovtek

Originally posted by bonkey


And am I mistaken, or do the US not also have a requirement for ID?

Nope

sovtek

Originally posted by Imposter
But that's the thing. Unless you're doing something wrong you won't/shouldn't be stopped.

So if you aren't doing anything wrong then we should all have cameras in our bedrooms, and the cops should be able to just walk into our homes anytime they feel the urge to do so.
That'd really help Martin with his job (and Ashcroft should you fly to the States:)).

sovtek

Originally posted by Yoda
Please read what I wrote regarding the use of driving licences as identification cards in the U.S. No one there considers the carrying of such a card to be a violation of civil liberties.

Because they aren't required to be on you at all times, only when you are driving and many people do consider it to be a violation of the fourth amendment (and IIRC ruled so by the Supreme Court) of the US constitution were it to be required to be on your person at all times.

sovtek

Originally posted by Belfast
I am not allowed to own an Ak47 in case I might commit a crime. This goes against the principle of innocent until proven guilty. [/B]

You aren't allowed to own a nuclear weapon either.

Yoda

Originally posted by sovtek
Because they aren't required to be on you at all times, only when you are driving and many people do consider it to be a violation of the fourth amendment (and IIRC ruled so by the Supreme Court) of the US constitution were it to be required to be on your person at all times.

But everyone does carry them at all times. Or at least when you carry your wallet. Which people do. And remember, even people who don't drive carry them, because they are useful, not just when dealing with civil authorities (which is rare enough) but when making ordinary commercial transactions.

LFCFan

Originally posted by sovtek
So if you aren't doing anything wrong then we should all have cameras in our bedrooms, and the cops should be able to just walk into our homes anytime they feel the urge to do so.
That'd really help Martin with his job (and Ashcroft should you fly to the States:)).

This is a stupid statement. Privacy in your own home is completely different to being in a public place.

dahamsta

Originally posted by Yoda
But everyone does carry them at all times. Or at least when you carry your wallet. Which people do. And remember, even people who don't drive carry them, because they are useful, not just when dealing with civil authorities (which is rare enough) but when making ordinary commercial transactions.

One examples being hotels, most of which require ID now in the United States, not because of any kind of legal requirement, but because they chose to. I can see no rhyme or reason in this, and although I wouldn't be offended by it like some, I don't like the idea of having to identify myself just because some tosser in a suit thought it would somehow protect people from terrorists. It's just kneejerk idiocy.

adam

LFCFan

Originally posted by dahamsta
One examples being hotels, most of which require ID now in the United States, not because of any kind of legal requirement, but because they chose to. I can see no rhyme or reason in this, and although I wouldn't be offended by it like some, I don't like the idea of having to identify myself just because some tosser in a suit thought it would somehow protect people from terrorists. It's just kneejerk idiocy.

adam

Is this not just so they can match the Credit Card with the user?

sovtek

Originally posted by LFCFan
This is a stupid statement. Privacy in your own home is completely different to being in a public place.

No more stupid than that line of thinking "...if you aren't doing anything wrong".
You are correct that it's not completely the same scenario, but then I shouldn't be subjected to inspection by the police no matter where I am without probable cause.

sovtek

Originally posted by Yoda
But everyone does carry them at all times. Or at least when you carry your wallet.

That's a far different situation than having to.

Which people do.

Yes, I have my Texas DL in my back pocket as we speak, even though I haven't been in my respective state for quite a while now...still it's not REQUIRED.

not just when dealing with civil authorities (which is rare enough)

Unless your black, Mexican, male with long hair, have tattoes, look Arab, an attractive woman, drive a Chevrolet Camaro, are out after 2AM.......

In Ireland....at a bus stop wearing a tracksuit.

LFCFan

Originally posted by sovtek
No more stupid than that line of thinking "...if you aren't doing anything wrong".
You are correct that it's not completely the same scenario, but then I shouldn't be subjected to inspection by the police no matter where I am without probable cause.

Why are people talking about being stopped by the Gardai for no reason just because you would have to carry ID? I don't see why this would be the case. We now have to carry our Drivers License with us at all times when in the car but you don't see more people being pulled over to be interrogated. The whole reason for people saying 'if you're not doing something wrong' etc is because why would it bother you to have ID if it's not gonna affect you? The reason behind it is to stop certain criminal activity and to clamp down on illegal immigrants, so, if you're doing nothing wrong than what's the problem? Anyway, it's not going to happen anytime soon if ever in this country. Sure they can't even sort out CC style Drivers licenses.

Stark

What is exactly is wrong though? If you kill someone fair enough, you deserve to be caught. What if you and your mates decide to light up a spliff behind a bike shed or something only to find a CCTV camera focussed on you? What about when things such as homosexuality were criminalized? What about other morally innocent infractions of the law? Are we all that perfect that we have absolutely nothing to fear from total police control?