Path: senator-bedfellow.mit.edu!dreaderd!not-for-mail
Message-ID: <cryptography-faq/[email protected]>
Supersedes: <cryptography-faq/[email protected]>
Expires: 23 Apr 2003 10:52:14 GMT
References: <cryptography-faq/[email protected]>
X-Last-Updated: 1994/07/05
Newsgroups: sci.crypt,talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (09/10: Other Miscellany)
Approved: [email protected]
Followup-To: poster
From: [email protected]
Organization: The Crypt Cabal
Reply-To: [email protected]
Originator: [email protected]
Date: 19 Mar 2003 10:52:37 GMT
Lines: 178
NNTP-Posting-Host: penguin-lust.mit.edu
X-Trace: 1048071157 senator-bedfellow.mit.edu 3937 18.181.0.29
Xref: senator-bedfellow.mit.edu sci.crypt:233113 talk.politics.crypto:46674 sci.answers:15081 news.answers:248033 talk.answers:6520

Archive-name: cryptography-faq/part09
Last-modified: 94/06/07

This is the ninth of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.


Contents:

9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?


9.1. What is the National Security Agency (NSA)?

 The NSA is the official communications security body of the U.S.
 government. It was given its charter by President Truman in the early
 50's, and has continued research in cryptology till the present. The
 NSA is known to be the largest employer of mathematicians in the world,
 and is also the largest purchaser of computer hardware in the
 world. Governments in general have always been prime employers of
 cryptologists. The NSA probably possesses cryptographic expertise many
 years ahead of the public state of the art, and can undoubtedly break
 many of the systems used in practice; but for reasons of national
 security almost all information about the NSA is classified.

 Bamford's book [BAMFD] gives a history of the people and operations of
 the NSA. The following quote from Massey [MAS88] highlights the
 difference between public and private research in cryptography:

 ``... if one regards cryptology as the prerogative of government,
 one accepts that most cryptologic research will be conducted
 behind closed doors. Without doubt, the number of workers engaged
 today in such secret research in cryptology far exceeds that of
 those engaged in open research in cryptology. For only about 10
 years has there in fact been widespread open research in
 cryptology. There have been, and will continue to be, conflicts
 between these two research communities. Open research is common
 quest for knowledge that depends for its vitality on the open
 exchange of ideas via conference presentations and publications in
 scholarly journals. But can a government agency, charged with
 responsibilities of breaking the ciphers of other nations,
 countenance the publication of a cipher that it cannot break? Can
 a researcher in good conscience publish such a cipher that might
 undermine the effectiveness of his own government's code-breakers?
 One might argue that publication of a provably-secure cipher would
 force all governments to behave like Stimson's `gentlemen', but one
 must be aware that open research in cryptography is fraught with
 political and ethical considerations of a severity than in most
 scientific fields. The wonder is not that some conflicts have
 occurred between government agencies and open researchers in
 cryptology, but rather that these conflicts (at least those of which
 we are aware) have been so few and so mild.''

9.2. What are the US export regulations?

 In a nutshell, there are two government agencies which control
 export of encryption software. One is the Bureau of Export
 Administration (BXA) in the Department of Commerce, authorized by
 the Export Administration Regulations (EAR). Another is the Office
 of Defense Trade Controls (DTC) in the State Department, authorized
 by the International Traffic in Arms Regulations (ITAR). As a rule
 of thumb, BXA (which works with COCOM) has less stringent
 requirements, but DTC (which takes orders from NSA) wants to see
 everything first and can refuse to transfer jurisdiction to BXA.

 The newsgroup misc.legal.computing carries many interesting
 discussions on the laws surrounding cryptographic export, what
 people think about those laws, and many other complex issues which
 go beyond the scope of technical groups like sci.crypt. Make sure to
 consult your lawyer before doing anything which will get you thrown in
 jail; if you are lucky, your lawyer might know a lawyer who has at
 least heard of the ITAR.

9.3. What is TEMPEST?

 TEMPEST is a standard for electromagnetic shielding for computer
 equipment. It was created in response to the discovery that
 information can be read from computer radiation (e.g., from a CRT) at
 quite a distance and with little effort.

 Needless to say, encryption doesn't do much good if the cleartext
 is available this way.

9.4. What are the Beale Ciphers, and are they a hoax?

 (Thanks to Jim Gillogly for this information and John King for
 corrections.)

 The story in a pamphlet by J. B. Ward (1885) goes: Thomas
 Jefferson Beale and a party of adventurers accumulated a huge mass
 of treasure and buried it in Bedford County, Virginia, leaving
 three ciphers with an innkeeper; the ciphers describe the
 location, contents, and intended beneficiaries of the treasure.
 Ward gives a decryption of the second cipher (contents) called B2;
 it was encrypted as a book cipher using the initial letters of the
 Declaration of Independence (DOI) as key. B1 and B3 are unsolved;
 many documents have been tried as the key to B1.

 Aficionados can join a group that attempts to solve B1 by various
 means with an eye toward splitting the treasure:

 The Beale Cypher Association
 P.O. Box 975
 Beaver Falls, PA 15010

 You can get the ciphers from the rec.puzzles FAQL by including the
 line:

 send index

 in a message to [email protected] and following the directions.
 (There are apparently several different versions of the cipher
 floating around. The correct version is based on the 1885 pamphlet,
 says John King <[email protected]>.)

 Some believe the story is a hoax. Kruh [KRU88] gives a long list of
 problems with the story. Gillogly [GIL80] decrypted B1 with the DOI
 and found some unexpected strings, including ABFDEFGHIIJKLMMNOHPP.
 Hammer (president of the Beale Cypher Association) agrees that this
 string couldn't appear by chance, but feels there must be an
 explanation; Gwyn (sci.crypt expert) is unimpressed with this
 string.

9.5. What is the American Cryptogram Association, and how do I get in touch?

 The ACA is an organization devoted to cryptography, with an emphasis
 on cryptanalysis of systems that can be attacked either with
 pencil-and-paper or computers. Its organ ``The Cryptogram'' includes
 articles and challenge ciphers. Among the more than 50 cipher types in
 English and other languages are simple substitution, Playfair,
 Vigenere, bifid, Bazeries, grille, homophonic, and cryptarithm.

 Dues are $20 per year (6 issues) for new members, $15 thereafter; more
 outside North America; less for students under 18 and seniors.  Send
 checks to ACA Treasurer, P.O. Box 198, Vernon Hills, IL 60061-0198.

9.6. Is RSA patented?

 Yes. The patent number is 4,405,829, filed 12/14/77, granted 9/20/83.
 For further discussion of this patent, whether it should have been
 granted, algorithm patents in general, and related legal and moral
 issues, see comp.patents and misc.legal.computing. For information
 about the League for Programming Freedom see [FTPPF]. Note that one of
 the original purposes of comp.patents was to collect questions such as
 ``should RSA be patented?'', which often flooded sci.crypt and other
 technical newsgroups, into a more appropriate forum.

9.7. What about the Voynich manuscript?

 The Voynich manuscript is an elaborately lettered and illustrated
 document, in a script never deciphered. It has been handed down for
 centuries by a line of art collectors and has uncertain origination.
 Much speculation and attention has been focused on its potential
 meaning.

 [email protected] (Nelson Minar) says there is a mailing list on the
 subject. The address to write to subscribe to the VMS mailing list
 is: <[email protected]>

 the ftp archive is: rand.org:/pub/voynich

 There's all sorts of information about the manuscript itself, of
 course. A good bibliography can be found on the ftp site. [KAH67]
 gives a good introduction.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.