| Welcome to Crypto. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| Legality Of Cracking | |
|---|---|
| Topic Started: Sep 11 2005, 10:49 PM (266 Views) | |
| PulsarSL | Sep 11 2005, 10:49 PM Post #1 |
|
Super member
  ![]](http://209.85.122.85/static/1/pip_r.png)
|
As far as U.S. laws go, at what point do you get into illegal stuff with encryption and cracking? I don't want to be mistaken for a criminal... i'm just interested. |
 |
 
|
| Donald | Sep 12 2005, 01:46 AM Post #2 |
|
Elite member
|
If you are messing with "encryption" used to defend copyrights, then you need a good lawyer. Such acts may or may not be legal. If you are breaking into a banking system, or anything like that, you are probably going to get into BIG trouble. Expect guys with guns to come breaking down your doors and locking you up. Even just breaking their systems on a purely intellectual level is something they don't like, despite the fact that you would be doing them a favor, they are likely to come at you with big lawyer guns. Such acts are not necessarily illegal, but you would want to have your own lawyer handy. If you are just playing with pen and pencil ciphers, or even doing analysis of generic modern encryption systems, you should be safe. Think of cryptography as lockpicking. Learning how to pick locks is not illegal. Picking the lock of a business without explicit permission will probably get you arrested. I'm not a lawyer, and I'm not even a good cryptographer, so take ALL of the above with a very big grain of salt.  Donald |
|
|
|
| PulsarSL | Sep 12 2005, 03:34 AM Post #3 |
|
Super member
|
Good, because I have no interest in cracking anything real or doing anything illegal, I just know that sometimes an interest can be misconstrewed as intent to use it in a bad or illegal way. |
|
|
|
| insecure | Sep 12 2005, 07:42 AM Post #4 |
|
Elite member
|
Imagine this - you buy a lock and key from a hardware store. You muck about at home with a file or something, and end up managing to duplicate the key you bought, so well that it fits your own lock. Perhaps you even managed to do this without referring to the original key. An interesting experiment, but you could have got the same effect by taking the key to the shop and asking them to run off a duplicate for you. But maybe you learned something interesting about metalwork in the process. That's legal research. You wander up to a bank late at night, and start making close inspections of its lock, using a magnifying glass. Don't be surprised if you're arrested. And you didn't even start to reach into your bag for your high-memory plastic... Don't try to crack into people's Web sites or mail servers or anything servers. Don't try to break the copy protection on software, whether it is software-based copy protection or hardware-based. Don't make illegal copies of software. Don't try to reverse engineer existing software. In other words, don't try to be "l33t" or "clever". Cryptography and cryptanalysis are genuinely exciting areas to learn about, and there are lots of good uses to which your skills can be put. It is certainly legal to post and discuss algorithms you have designed yourself, or attacks on algorithms that others here have posted (I think it's reasonable to assume that people wouldn't post their algorithms here if they didn't want you to publish attacks on them). It is also legal to discuss existing algorithms that are public knowledge - RSA, Diffie-Hellman, Twofish, Rijndael, DES, and so on - and I see no reason why one should not publish attacks on them too. |
|
|
|
| cows | Oct 10 2005, 04:44 PM Post #5 |
|
Unregistered
|
This is true in the U.K. and i believe it to be true in the states but elsewhere I don't know. (I am doing Law as my G.C.S.E. so i have a vague knowledge/ authority of this.) Just remember that if you do accidentally end up deciphering a governmental message, or something illegal, that they have to prove you had intention to commit a crime before you undertook the challenge of deciphering that particular code. They would have to prove that you knew that the cypher that you were trying to crack (that you had no idea what it was about before you had deciphered it) was an illegal. This in my mind is very hard to do. Especially if you do workings with pen and paper and/ or re-formating your computer - atleast twice if you know you are definately doing something illegal. The FBI and Cyber Crimes Units of the police, can find deleted information of a re-formatted hard drive, though it is very hard for them. It is even harder to get information of a re-formatted hard drive that has been re-formatted. If that makes sense... |
|
|
|
| Revelation | Oct 10 2005, 08:11 PM Post #6 |
Administrator
|
I have written an application that can delete a file permanently. This will make your file unrecoverable, even for the NSA. |
|
RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN | |
|
|
|
| Donald | Oct 10 2005, 09:06 PM Post #7 |
|
Elite member
|
Do you use US Department of Defense standard 5220-22.M? (Like ERASER) Because we know it is possible to recover data from magnetic media after it has been overwritten, even after it has been overwritten several times. It all depends on how much money and time they are willing to spend on it. What the deepest level of recovery is for the NSA, we really just don't know. BUT, I wouldn't waste much time worrying about it. It's unlikely that any of us have anything on our hard drives worth the effort to recover after a single over write. Certainly not past three. Donlad |
|
|
|
| Revelation | Oct 11 2005, 06:25 AM Post #8 |
|
Administrator
|
I know that if you toss a HDD in the water and leave it there for several days, they can recover 70%. You'll get the same results if you shoot a bullet through it. My application overwrites a file 100 times with random chars. |
|
RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN | |
|
|
|
| insecure | Oct 11 2005, 08:05 AM Post #9 |
|
Elite member
|
Are you sure it does? Don't make the mistake of thinking that what your source code says is necessarily what your program does. Your compiler might notice that the end result is to write 'X' so it ignores all the other writes and just puts 'X'. Or your OS might cache the writes. Or your disk controller hardware might cache the writes. Careless Assumptions Cost Lives. |
|
|
|
| insecure | Oct 11 2005, 10:42 AM Post #10 |
|
Elite member
|
Oh, just a note to "cows" - be very careful about claiming legal "authority" on the strength of studying for a GCSE in law. (For those who don't know the British system, GCSE examinations are typically taken at the age of 16, so they are not exactly the world's most difficult exams.) I am currently working quite closely with a barrister who has a good 30 years experience at the Bar - and if I were to be foolish enough to consult her for an opinion on the legal issues involved in cryptography and cryptanalysis in the UK, she would unhesitatingly suggest that I consult an expert in that field. She would not even contemplate giving an opinion on the matter, and would certainly not claim to be an authority. (Employment law would be a different matter - she's red hot on that.) As you communicate more and more over the Internet, as you meet people of all ages and backgrounds, you will discover that much of what you thought you knew is actually not true. You will find yourselves rubbing shoulders with genuine experts and complete idiots (especially on Usenet), and finding out which is which is left as an exercise for the reader. For example, at least one person using this forum (and quite possibly more than one) has published a book on advanced computer programming that has been well-received by internationally-recognised experts in that field. You meet all sorts on the Net. So be very wary of claiming to know more than you do. It's generally best to assume that you don't know as much as you think you do. If you read articles by people like Donald and rot13 and RandomHash, I think you'll see this attitude coming through - and yet they do know what they're talking about. Just a word to the wise. Welcome to CryptoForum.
|
|
|
|
| cows | Oct 11 2005, 02:37 PM Post #11 |
Advanced Member
|
Sorry if i insulted you - all i meant is that i am currently doing this in Law and so have a recollection of a topic we discussed in class that was similar. I withdraw my earlier comment that i had said "authority" |
|
Everything is possible, The impossible just takes longer If we do not know what a particle is doing then it is allowed t do everything possible simultaneously. "Anyone who can contemplate Quantum Mechanics without getting dizzy, didn't understand it." | |
|
|
|
| Donald | Oct 11 2005, 02:55 PM Post #12 |
|
Elite member
|
Insecure didn't say he was insulted, he was just trying to offer some advice. We offer LOTS of advice on this board because it's very much a sharing and learning environment. |
|
|
|
| insecure | Oct 11 2005, 03:01 PM Post #13 |
|
Elite member
|
Heh - don't worry, I didn't feel "insulted". I was just giving you a tip or two to save you making a serious idiot of yourself later on. (And yes, I suspect that most of the people in this group, myself included, have made serious idiots of ourselves in high-traffic groups at some point or other.) But your withdrawal of the word "authority" is sensible. There is a common, if rather unsalubrious, abbreviation in use on the Net - "IANAL" - which is short for "I Am Not A Lawyer" - in other words, "I am expressing an opinion about the law, but you should not rely on this opinion to be an accurate statement of the law - it is merely a layman's opinion". (By the way: as far as I know, none of us here are lawyers.) ...... Oh, hi Donald. You appear to have said it for me. Well, tough - I got this far, so I'm going to post it anyway. |
|
|
|
| Donald | Oct 11 2005, 03:06 PM Post #14 |
|
Elite member
|
There we go doing the multiple personality thing again. Donald |
|
|
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · General · Next Topic » |
5:48 AM Nov 26
