Re: NSA and Netscape Crack
At 11:46 PM 9/19/95, Jim Ray wrote:
In the relatively short time I've been on this list, Cypherpunks have bruted, and then found a weakness in, two kinds of Netscape software. [A fine public service, IMO. Congrats to all involved.]
I don't expect to know NSA's specific brute-force capability, but does anyone know if the NSA has *ever* found a glaring weakness in software and then told its author(s) or owner(s) about it? Do "we" perform the "COMSEC" role Tim was speaking of better than the NSA?
Indeed, Jim is underscoring the point I was making, facetiously, that the NSA has abandoned all pretense of helping to actually secure commercial transactions (and no, I wasn't referring to Clipper...rather, I was facetiously referring to the short-lived Commercial COMSEC Endorsement Program, circa 1988-89). As I said in my message, I don't _want_ the NSA or NIST (the same, really) to be vetting commercial encryption. But I also don't want them claiming a role in securing commercial encryption when they clearly are not even doing as much as the Cypherpunks are doing. By the way, if we count our own Matt Blaze's work on exposing weaknesses of the Tessera/Skipjack/Clipper (they blur together) card as a "Cypherpunks achievement," then the Cypherpunks have actually played a dominant role in cracking these recent standards. (Not to mention the RC4 code postings, the various Cypherpunks involved in the RSA-129 and "BlackNet" factorizations, etc.) Well done, of course! --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."
On Tue, 19 Sep 1995, Timothy C. May wrote:
By the way, if we count our own Matt Blaze's work on exposing weaknesses of the Tessera/Skipjack/Clipper (they blur together) card as a "Cypherpunks achievement," then the Cypherpunks have actually played a dominant role in cracking these recent standards. (Not to mention the RC4 code postings, the various Cypherpunks involved in the RSA-129 and "BlackNet" factorizations, etc.)
Well done, of course!
Absolutely. And why not enter the PR fray by publicizing those successes? Press release/identify persons for followups/etc. (All with permission/participation of those who did it). Certainly, Cypherpunks has gotten press lately, and what I've seen has been good press. Capitalize on it. Finally, I've got to say that, as someone new to the concepts discussed here, I found it extremely cool to read about the latest break here and then see it in the news a day or two later. EBD
--Tim May
---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."
Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!!
participants (2)
-
Brian Davis -
tcmay@got.net