[cryptography] [Cryptography] RSA equivalent key length/strength

Eugen Leitl eugen@leitl.org
Sun Sep 22 09:09:44 PDT 2013


----- Forwarded message from ianG <iang@iang.org> -----

Date: Sun, 22 Sep 2013 15:32:42 +0300
From: ianG <iang@iang.org>
To: cryptography@randombit.net
Subject: Re: [cryptography] [Cryptography] RSA equivalent key length/strength
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 19/09/13 00:23 AM, Lucky Green wrote:

> According to published reports that I saw, NSA/DoD pays $250M (per
> year?) to backdoor cryptographic implementations. I have knowledge of
> only one such effort. That effort involved DoD/NSA paying $10M to a
> leading cryptographic library provider to both implement and set as
> the default the obviously backdoored Dual_EC_DRBG as the default RNG.


So, boom.  Once the finger is pointed so directly, this came tumbling
down within a day or two.

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html?

One mystery is left for me.  Why so much?  It clearly doesn't cost
that much money to implement the DRBG, or if it did, I would have done
it for $5m, honest injun!  Nor would it cost that to test it nor to
deploy it on mass.  Documentation, etc.

What are we to conclude was the reason for such a high cost?
Conscience sedative?  Internal payoffs?


> This was $10M wasted. While this vendor may have had a dominating
> position in the market place before certain patents expired, by the
> time DoD/NSA paid the $10M, few customers used that vendor's
> cryptographic libraries.


Another theory - take a fool's money?

And, what happens to RSA now?  If this is business-as-usual, does this
mean that when the Feds show up to my door with 'a proposal' that I
should see the mutual interest in sharing my customer's data with them
by means ecliptic & exotic?  Take the 30 pieces of silver (adj. for
2000 years of inflation), and be happy they're also keeping my
struggling business in the black?  Or grey?

Or, is it the new Crypto AG?  Is RSA the new byword for sellout?  Does
RSA go out of business?  An Arthur Anderson event?

In which case I have no choice.  I have a reason to preserve the
privacy of my customers, and tell the NSA I'm not interested in their
cyanide pill patriotism.



iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20130922/285f9be6/attachment.sig>


More information about the cypherpunks mailing list