Fileswapping and cryptography

File swapping networks have been popping up and been shut down again by the likes of MPAA and RIAA and their hordes of rampant lawyers for a few years now, mostly because the companies behind the services were located in the west (culturally, this includes Australia and New Zealand). But now a new service is on-line, named Earthstation 5. Located in the Jenin refugee camp in Palestine it's a very international venture, funded by Israeli, Saudi Arabian and Russian banks, coded by russians, enjoying the lax protection of foreign works on the west bank. From a article interview with one of the founders, Kabir:

He's not worried about legal attacks from the RIAA or the Motion Picture Association (MPA), groups that have successfully shut down many of the most blatant copyright violators online, he said. In the West Bank and Gaza, the Israeli government has ceded civil law enforcement to the Palestinian Authority. That body has propagated copyright rules that protect Palestinian copyrights but don't have strong protections for foreign works, he said.

They use UDP packages to communicate. Stupid. And the degree of anonymity offered seems very weak.

It's exciting to see this happen nonetheless, like the fictionalt datahaven Kinakuta from Neal Stephensons absolutely excellent novel "Cryptonomicon". I'm quite surprised at how rarely the Freenet project is mentioned in news about these things, as it seems to be the only real contender in really cryptographically "guaranteed" anonymity in on-line fileswappping.

Running Freenet from a Rubberhose encrypted disk, and using Mixmaster for email can virtually guarantee anonymity and deniability, technically ... until you make a mistake, and believe me, there's plenty of pitfalls. Why you'd want that sort of anonymity is besides the point, it's just damn cool that you can, and I find it important that you can have that kind of capability if you need it.

I feel I should mention PGP and GnuPG here, but they're tools to make sure of someones identity and that the message haven't been tampered with and, optionally, keep the communication safe from eavesdroppers. A quite different goal, but altogether more practical.

In the August issue of Bruce Schneiers Crypto-Gram in the News section he writes:

MS Windows passwords can be cracked in an average of 13.6 seconds. Assuming your password consists of just letters and numbers, that is. But my guess is that almost everyone falls into that category.
<> <>

I don't fall into that category, and neither should you. Always minimize use of passwords and use public keys for authentication whenever possible, the World Needs Strong Authentication.