[Noisebridge-discuss] Deep Crack

Mikael Vejdemo-Johansson mik at stanford.edu
Thu Oct 8 07:06:14 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Oct 7, 2009, at 11:56 PM, Jacob Appelbaum wrote:
> Mikael Vejdemo-Johansson wrote:
>> On Oct 7, 2009, at 11:39 PM, Joachim Pedersen wrote:
>>>> This is obviously the #1 concern.  Whether or not it is legal for a
>>>> non-US citizen to be next to our touching the machine is a huge
>>>> concern.
>>> I still don't understand how we went from the legality of the export
>>> of cypto tech to legality of foreign nationals being in proximity  
>>> to a
>>> piece of cyptotech who's 0-day has long since passed.
>>
>>
>> We went there when the original posting read:
>>> Announce: Deep Crack offered to NB. Fastest (non-classified) 3DES
>>> cracker. Non repurposable. US citizen use only. Claimed value $250k.
>>> Takes a lot of power, six racks worth of stuff, needs a truck. (Talk
>>> to Jake)
>>
>
> That was the first posting in months but not the first discussion of  
> the
> device in the space. I have emailed the EFF. I will respect and relay
> their answer to the group.
>

I've been back in the Bay area for just under 2 weeks. :-D
This is the first I myself have heard about it.

>>
>> And some of us are US non-citizens, as well as aware of the extent to
>> which INS/DHS/Border control/DoD/whoever can be fickly and  
>> unreasonable.
>>
>
> It seems like a reasonable fear but also it seems like fear. Have you
> investigated all of the software and hardware at Noisebridge that
> performs cryptographic operations?
>

It's the UD in FUD I don't enjoy. It is indeed fear, which is why I am  
calling for consultation, not a blanket unreasonable opposition.

>> Let me be clear, again, to at least remove myself from the FUD
>> accusations that have been issued:
>> * I think it's a cool thing.
>
> Thank you.
>
>> * I do worry when I run into things that say 'US citizen only'.
>
> I'm sorry. I really don't want to say that, I expressed it as a  
> possible
> concern. It is likely only that you would not be able to do a key  
> search
> or export it. Alternatively, you can volunteer to be a test case if  
> you
> really dislike ITAR. :-)
>

Ah, okay. This was taken from Sai's meeting notes.

I do NOT want to be a testcase - I value my mathematics way too highly  
to drive politics at personal risk. Not that I don't dislike ITAR or  
think it's both idiotic and ineffective as written...

>> * I will be perfectly happy once Jake, as he has told us he will do,
>> clarifies what we need to do to alleviate these worries. If this  
>> turns
>> out - which wouldn't surprise me - to be "Don't use the machine if
>> you're alien", then that settles it completely in my mind.
>>
>
> Thank you Mikael. I'm sorry that this is such a hassle and that my
> government is totally unreasonable.
>

Once we KNOW the government is stupid and unreasonable, we can at  
least try not to wave red flags at them in front of china cabinets. :-)
Which, really, is all I'm trying to ask for here. And feel that I'm  
getting the right kinds of responses to.

> To give a sense of scale, a reasonable sized cluster of Play  
> Stations is
> more powerful than Deep Crack!
>

I am well aware of that. Also, after one of my adventures in form  
filling at Stanford, I've counted myself lucky to not have taught  
linear algebra yet: I'd probably include field extensions in an  
interesting enough course, which would give me a reason to discuss AES  
- - and I might even talk modular arithmetic - and RSA.

And a crypto implementation done on campus - such as an example  
implementation done for in-class demonstration - falls under separate  
and MUCH stricted export rules; which means that taking my laptop with  
my lecture preparations to Europe with me might be ITAR degrees of  
dangerous... :-(

And this from how Stanford describes my duties as an employee filling  
out import/export forms (which I have to do to take my personal,  
Stanford-paid laptop across the border...)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (Darwin)

iEYEARECAAYFAkrNj14ACgkQtUmpDMB8zM2KTACeLvEJRxeNAmaccIhSnCXuOMaZ
tFIAnRsoej2Ymtz653Rz3hF4fXThwGFs
=XvQl
-----END PGP SIGNATURE-----
Mikael Vejdemo-Johansson, Dr.rer.nat
Postdoctoral researcher
mik at math.stanford.edu









More information about the Noisebridge-discuss mailing list