[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Eric Murray ericm at lne.com
Thu Sep 5 16:33:48 EDT 2013


The NYT article is pretty informative:
(http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html)

"Because strong encryption can be so effective, classified N.S.A. 
documents make clear, the agency’s success depends on working with 
Internet companies — by getting their voluntary collaboration, forcing 
their cooperation with court orders or surreptitiously stealing their 
encryption keys or altering their software or hardware."

"N.S.A. documents show that the agency maintains an internal database of 
encryption keys for specific commercial products, called a Key 
Provisioning Service, which can automatically decode many messages. If 
the necessary key is not in the collection, a request goes to the 
separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent 
cryptographers say many are probably collected by hacking into 
companies’ computer servers, where they are stored"

Also interesting:

"Cryptographers have long suspected that the agency planted 
vulnerabilities in a standard adopted in 2006 by the National Institute 
of Standards and Technology, the United States’ encryption standards 
body, and later by the International Organization for Standardization, 
which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, 
discovered by two Microsoft cryptographers in 2007, was engineered by 
the agency. The N.S.A. wrote the standard and aggressively pushed it on 
the international group, privately calling the effort “a challenge in 
finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says."

Anyone recognize the standard?

Eric


