From eugen@leitl.org Fri Sep 6 19:39:20 2013
From: Eugen Leitl
To: cypherpunks@lists.cpunks.org
Subject: Re: [Cryptography] NSA and cryptanalysis
Date: Sat, 07 Sep 2013 01:39:17 +0200
Message-ID: <20130906233917.GL29404@leitl.org>

----- Forwarded message from ianG -----

Date: Fri, 06 Sep 2013 13:13:40 +0300
From: ianG
To: cryptography(a)metzdowd.com
Subject: Re: [Cryptography] NSA and cryptanalysis
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 6/09/13 04:44 AM, Peter Gutmann wrote:
> John Kelsey writes:
>
>> If I had to bet, I'd bet on bad rngs as the most likely source of a
>> breakthrough in decrypting lots of encrypted traffic from different sources.
>
> If I had to bet, I'd bet on anything but the crypto. Why attack when you can
> bypass [1].
>
> Peter.
>
> [1] From Shamir's Law [2], "crypto is bypassed, not penetrated".
> [2] Well I'm going to call it a law, because it deserves to be.
> [3] This is a recursive footnote [3].

It looks like it is "all of the above." These are the specific interventions I have seen mention of so far:

* weakened algorithms/protocols for big players (e.g., GSM, Cisco)
* weakening of RNGs
* inside access by 'covert agents' to hand over secrets (e.g., big 4)
* corruption of the standards process (NIST 2006?)
* corruption of certification process (CSC)
* crunching of poor passwords
* black ops to steal keys
* black ops to pervert systems

Which makes sense. Why would the biggest player just do "one thing"? No, they are going to do everything within their power. They'll try all the tricks. Why not, they've got the money...

What is perhaps more interesting is how these tricks interplay with each other. That's something that we'll have trouble seeing and imagining.

iang

_______________________________________________
The cryptography mailing list
cryptography(a)metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5