-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 16, 2000 at 08:12:53PM -0700, Tim May wrote:
At 2:34 PM -0700 10/15/00, Nathan Saper wrote:
On Sun, Oct 15, 2000 at 05:28:19PM -0400, Jordan Dimov wrote:
I don't know much about crypto politics, but... isn't it utterly obvious that the mere fact that the NSA suggests a certain algorithm (say Rijndael) for a national standard and recommends its use internationally implies that they have a pretty darn good idea (if not actual technology) on how to break it efficiently? I just don't see why else they would advocate its use. After all isn't the fact that NSA could break DES since the 70's the reason for the 'success' of DES?
IMHO, the NSA has enough expertise and technology to crack just about any cipher out there. As much as that may suck, there isn't a whole lot we can do about it. Besides, in the new world of globalization, I think we should be worrying more about corporations than about the NSA.
What is the basis for this claim about the NSA having such expertise and technology? Paranoia, ESP, cluelessness, or actual knowledge?
Speculation, nothing more. Notice the "IMHO" above. I'm not claiming to be stating facts.
Do you believe, for example, that the NSA knows how to factor very large numbers?
Do you believe they have a dramatically faster factoring algorithm than any mathematicians suspect exists?
I would also ask if you think the NSA has some hidden supply of computers, except we both know there aren't enough places in the solar system to park the numbers they would need to brute force readily-attainable key sizes.
So, could you explain your first comment?
Most crypto algorithms are mathematically sound. I'm not worried about the NSA finding some miraculous way to factor large numbers. I'm worried about the NSA discovering security bugs in crypto tools. Just a few days ago, a bug was discovered in GnuPG that allowed for clearsigned texts to be altered with the signatures remaining valid. And, of course, there was the ADK bug in PGP. These aren't technically bugs in cipher algorithms, but most mere mortals, such as myself, utilize algorithms through security software that may be, and very likely is, buggy.
After that we can move on to your "fear the corporations, not the government" bit of cluelessness.
- --
Nathan Saper (natedog@well.com) | http://www.well.com/user/natedog/
GnuPG (ElGamal/DSA): 0x9AD0F382 | PGP 2.x (RSA): 0x386C4B91
Standard PGP & PGP/MIME OK | AOL Instant Messenger: linuxfu

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE568xk2FWyBZrQ84IRAvuwAJ0UdPIaYcZp3s5C0A84sVtJ0/FsSwCfYdJj
tFCmnlThhfRjpP05ODUX4Xk=
=PyeZ
-----END PGP SIGNATURE-----