[Cryptography] NSA and cryptanalysis

Eugen Leitl eugen at leitl.org
Fri Sep 6 16:39:17 PDT 2013


----- Forwarded message from ianG <iang at iang.org> -----

Date: Fri, 06 Sep 2013 13:13:40 +0300
From: ianG <iang at iang.org>
To: cryptography at metzdowd.com
Subject: Re: [Cryptography] NSA and cryptanalysis
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 6/09/13 04:44 AM, Peter Gutmann wrote:
> John Kelsey <crypto.jmk at gmail.com> writes:
> 
>> If I had to bet, I'd bet on bad rngs as the most likely source of a
>> breakthrough in decrypting lots of encrypted traffic from different sources.
> 
> If I had to bet, I'd bet on anything but the crypto.  Why attack when you can
> bypass [1].
> 
> Peter.
> 
> [1] From Shamir's Law [2], "crypto is bypassed, not penetrated".
> [2] Well I'm going to call it a law, because it deserves to be.
> [3] This is a recursive footnote [3].


It looks like it is "all of the above."  These are the specific
interventions I have seen mention of so far:

* weakened algorithms/protocols for big players (e.g., GSM, Cisco)
* weakening of RNGs
* inside access by 'covert agents' to hand over secrets (e.g., big 4)
* corruption of the standards process (NIST 2006?)
* corruption of certification process (CSC)
* crunching of poor passwords
* black ops to steal keys
* black ops to pervert systems

Which makes sense.  Why would the biggest player just do "one thing"?
No, they are going to do everything within their power.  They'll try
all the tricks.  Why not, they've got the money...

What is perhaps more interesting is how these tricks interplay with
each other.  That's something that we'll have trouble seeing and
imagining.

iang
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5