Full Disclosure mailing list archives

Re: Spy Agency Mined Vast Data Trove and other tales
From: Vincent Archer <archer () frmug org>
Date: Mon, 2 Jan 2006 11:32:19 +0100

According to Steve Kudlak:
I kind of think it is a "UFO story" to say that PGP and the likes 
don't work and have been quietly changed to make them easy to break. 
The inventors being compromised is pretty much an MIB story. It is open 
code so you can read it and see if it is possible to break and how 
easily given current open knowledge. Now if the mathematicians in the 
NSA know things about factoring we don't well oh well.  What is depended 

The role of the NSA is often misunderstood. A good story that people
don't know is the design of good ole' DES. Back when DES was designed,
there was a first version. Then, people from an unnamable agency (No Such
Agency, as it was often called) came and said "replace those S-boxes by
these".

Lots of people assumed that it was to insert some kind of backdoor, and
it took over ten years of careful cryptanalysis by various experts all
over the world to conclude that the new S-boxes were in fact a bit
stronger than the original ones.

NSA is governed by multiple imperatives. Their first imperative is that
they need to decode what's out there. But they also have another mission,
which is to safeguard American interests by making sure American businesses
do use encryption that is not broken by people from other countries.

Given the stakes, any general "backdoor" will leak to someone else
(there's much more than two persons that will know the secret, and as
everyone knows, two persons can keep a secret only if one of them is dead).
And that's almost as dangerous to American interests as NSA being
unable to spy on them.

-- 
        Vincent Archer                  Email:  archer () frmug org

All men are mortal.  Socrates was mortal.  Therefore, all men are Socrates.
                                                        (Woody Allen)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

