NSA and Netscape Crack

Timothy C. May tcmay at got.net
Tue Sep 19 23:02:05 PDT 1995


At 11:46 PM 9/19/95, Jim Ray wrote:

>In the relatively short time I've been on this list, Cypherpunks
>have bruted, and then found a weakness in, two kinds of Netscape
>software.
>[A fine public service, IMO. Congrats to all involved.]
>
>I don't expect to know NSA's specific brute-force capability, but
>does anyone know if the NSA has *ever* found a glaring weakness in
>software and then told its author(s) or owner(s) about it? Do "we"
>perform the "COMSEC" role Tim was speaking of better than the NSA?

Indeed, Jim is underscoring the point I was making, facetiously, that the
NSA has abandoned all pretense of helping to actually secure commercial
transactions (and no, I wasn't referring to Clipper...rather, I was
facetiously referring to the short-lived Commercial COMSEC Endorsement
Program, circa 1988-89).

As I said in my message, I don't _want_ the NSA or NIST (the same, really)
to be vetting commercial encryption. But I also don't want them claiming a
role in securing commercial encryption when they clearly are not even doing
as much as the Cypherpunks are doing.

By the way, if we count our own Matt Blaze's work on exposing weaknesses of
the Tessera/Skipjack/Clipper (they blur together) card as a "Cypherpunks
achievement," then the Cypherpunks have actually played a dominant role in
cracking these recent standards. (Not to mention the RC4 code postings, the
various Cypherpunks involved in the RSA-129 and "BlackNet" factorizations,
etc.)

Well done, of course!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."








More information about the cypherpunks-legacy mailing list