Hacker News new | ask | show | jobs
by abugheratwork 2619 days ago
> What part of the first amendment exonerates knowingly attempting to crack NTLM keys of US military logins?

Is doing math a form of expression? Breaking a password amounts to thinking for a very long time about all the ways you could rearrange some bits, and choosing one. I'd call it an expression of preference for certain possible results over others, by way of saving one and letting the rest go.

I know, I'm laughing at the thought of framing a cracked password because you're so proud of your expressive art. Still, I am deeply uncomfortable with a government having the authority to say, "You may not run that program."
3 comments
belltaco 2619 days ago
>Is doing math a form of expression? Breaking a password amounts to thinking for a very long time about all the ways you could rearrange some bits, and choosing one. I'd call it an expression of preference for certain possible results over others, by way of saving one and letting the rest go.

Isn't shooting a gun at someone a matter of depressing a lever? It's about applying pressure on a lever with your finger.

>Still, I am deeply uncomfortable with a government having the authority to say, "You may not run that program."

Are you also deeply uncomfortable with a government having the authority to say "You may not press that lever".

Isn't the US firing nukes a matter of the US president entering numbers and pressing some buttons?

Isn't running into and maiming a pedestrian while driving a car at a traffic crossing a matter of actually doing nothing instead of braking?

Are you deeply uncomfortable with the thought of govt jailing you for literally doing nothing?

link
bubblethink 2618 days ago
You are reducing the OP's point, which is rather important, to silly analogies about intent. The OP's point is also why, for eg., many govts' attempts to ban encryption are stupid because you cannot outlaw math. Which is why the legality of both having and breaking encryption needs to be detached from intent.
link
belltaco 2618 days ago
OP's point is that cracking passwords is a form of art, so Assange should be able to claim cracking a DoD Administrator password was a performance of art and thus legal. It's not an important point, it's a silly one.

>many govts' attempts to ban encryption are stupid because you cannot outlaw math

Huh? You can outlaw math. It'd be a stupid idea and quite hard to successfully enforce, but you can outlaw it.

>Which is why the legality of both having and breaking encryption needs to be detached from intent.

This does not make sense at all. Otherwise there would be no legal difference between using a battering ram to break into someone's house and then claiming it was research for materials testing. It also comes down to privacy and property rights.

Case law is well settled in the physical door locks space which also applies pretty well to the digital space with a good balance between research and not breaking into others property. It's perfectly legal to crack your own NTLM hashes, and those of which you have permission to. Imagine someone going around with a saw sawing up doors and then claiming it was their right because the doors weren't properly secured and made of 12 inches of reinforced steel.

link
bubblethink 2618 days ago
My point is that analogies from the real world do not extend very well to digital things, and you can end up with some extremely broad laws that are misused. We already have problems like DMCA because of that. Ultimately, it's very difficult to have consistent laws around encryption.
link
belltaco 2618 days ago
Sure, and that's why intent is important. I fully understand encryption being fully legal, but I don't seen any benefit to legally being able to crack/decrypt other's information without their permission and knowledge, against their will.

This has zero implications on crypto-research because it's always legal to try your cracking on your own encrypted data, or on others' data with their permission, like public challenges. What good will it do to extend it to everyone encrypted data?

There are also privacy and property rights issues at hand. Should you be able to crack someone's private key and impersonate them without legal issues?

Reducing something to its basics and then claiming it should be legal by ignoring the real world consequences like the GP was doing is disingenuous.

link
bubblethink 2618 days ago
> benefit to legally being able to crack/decrypt other's information without their permission and knowledge

>privacy and property rights

This is precisely the issue with DMCA. It is illegal in the US to decrypt a DVD/blu-ray etc (for reference, see why fedora cannot play dvds). So what should have been a reactive law against piracy is now a proactive prohibition codified in law. That's why, laws around encryption should decide on the actions after the fact. You can then use existing law on the actions and encryption is out of the picture. In this case, the actions would be protected by free speech and other protections afforded to journalists.

link
thanatos_dem 2618 days ago
> Are you deeply uncomfortable with the thought of govt jailing you for literally doing nothing?

Yes? I’d be concerned for anyone who isn’t. And to be clear... he didn’t crack it. I’ve run password hashes through rainbow tables for shits and giggles. Should I be dragged out of an embassy next?

link
belltaco 2618 days ago
Sorry if I was unclear, that quote is in continuance of the earlier line, full argument:

>Isn't running into and maiming a pedestrian while driving a car at a traffic crossing a matter of actually doing nothing instead of braking? Are you deeply uncomfortable with the thought of govt jailing you for literally doing nothing?

>And to be clear... he didn’t crack it.

Attempting to commit a crime is a crime even if you failed at it.

>I’ve run password hashes through rainbow tables for shits and giggles. Should I be dragged out of an embassy next?

People shoot at the range all the time but are not prosecuted. But gun murderers are. Dont you see the difference?

Were you cracking an Administrator password of the United States Military protecting classified war logs with an intent to distribute them to the public?

link
roguecoder 2618 days ago
Just because we don’t usually get prosecuted for something doesn’t make it legal.
link
Nasrudith 2618 days ago
But that usually means there is a problem with the law in either enforcement(insufficient or only existing to be abused via selective enforcement) or basis(it shouldn't be illegal in the first place).
link
rocqua 2618 days ago
How did you get those hashes?

What did you (intend to) do with the resulting passwords.

Luckily, intent still counts for something legally.

link
henryfjordan 2618 days ago
You're welcome to crack the password and frame it on your wall. Using or intending to use it is the crime.

The state would have to argue your intent to log into their computers and you'd have the chance to respond. The jury would decide whether you meant to gain unauthorized access to a computer system or just geeked out over password cracking.

Practically, I could see things going poorly for the over-enthusiastic cracker, but theoretically they'd be within their rights.

link
roguecoder 2618 days ago
IANAL, but math is explicitly exempted from copyright law, so “art” wouldn’t apply.

As for the more general “expression”, running a program is a function: it transforms one thing into another thing in a deterministic way. That is applying a tool: you would have to argue that the thing you were doing with it, in this case “breaking a password”, was expression, which, well, good luck with that one: you are back to trying to argue that an explicit crime is actually performance art.

All of this is just facts and tools: there is no creativity involved at any stage.

link