CDR: RE: Re: why should it be trusted?

Fisher Mark fisherm at tce.com
Tue Oct 17 08:06:40 PDT 2000 

Kerry L. Bonin writes:
> Most people who have worked with military crypto systems do, off the
> record.  The difference between what is public and what has 
> been developed
> with decades of unlimited resources is staggering.  How many 
> cryptographers
> or discrete math experts work in the public domain?  Now how 
> many work for
> the NSA?  That's how many orders of magnitude?  And how many orders of
> magnitude difference in budgets, ect., even with bureaucratic 
> and civil
> service overhead.

IMHO you haven't done much budgeting or defense work.  I worked on a project
secret enough that I still can't mention the name of the project (although
the name itself is unclassified -- my association with the project was
classified, however).  Budgeting is still a factor in defense work.  Your
messages start to sound like the crypto that Tom Clancy uses in his novels,
crypto that always annoys me because it is so fake.  I agree that the NSA
may have a few tricks up its sleeve on top of some pretty powerful
specialized cracking hardware, but we are talking about needing heavy
wizardry to do real-time cipher cracking, not just some parlor tricks that
drop the work factor by 1000 or so.  For the NSA to generally do what you
propose, they would need some exponential-time methods, methods that would
drop the work factor by 10^78 (or something like that).

It is just a whole lot easier to do a black-bag job on a North Korean
embassy (for example) than to directly attack their crypto.  That is why
defense companies do background checks, that is why some areas of military
facilities are guarded by soldiers with guns, and that is why the NSA tried
to conceal all evidence of their existence for a while.  Crypto is just one
part of a unified security policy -- sometimes not a very important part at
that.
====================================================
Mark Leighton Fisher    Thomson Consumer Electronics
fisherm at tce.com         Indianapolis, IN, USA
"Display some adaptability."  -- Doug Shaftoe, _Cryptonomicon_

More information about the cypherpunks-legacy mailing list