----- Forwarded message from ianG <iang@iang.org> -----

Date: Fri, 06 Sep 2013 13:13:40 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
Subject: Re: [Cryptography] NSA and cryptanalysis
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 6/09/13 04:44 AM, Peter Gutmann wrote:
> John Kelsey <crypto.jmk@gmail.com> writes:
>
>> If I had to bet, I'd bet on bad rngs as the most likely source of a
>> breakthrough in decrypting lots of encrypted traffic from different sources.
>
> If I had to bet, I'd bet on anything but the crypto. Why attack when you can
> bypass [1].
>
> Peter.
>
> [1] From Shamir's Law [2], "crypto is bypassed, not penetrated".
> [2] Well I'm going to call it a law, because it deserves to be.
> [3] This is a recursive footnote [3].
It looks like it is "all of the above." These are the specific interventions I have seen mention of so far:

  * weakened algorithms/protocols for big players (e.g., GSM, Cisco)
  * weakening of RNGs
  * inside access by 'covert agents' to hand over secrets (e.g., big 4)
  * corruption of the standards process (NIST 2006?)
  * corruption of certification process (CSC)
  * crunching of poor passwords
  * black ops to steal keys
  * black ops to pervert systems

Which makes sense. Why would the biggest player just do "one thing"? No, they are going to do everything within their power. They'll try all the tricks. Why not, they've got the money...

What is perhaps more interesting is how these tricks interplay with each other. That's something that we'll have trouble seeing and imagining.

iang

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5