[Cryptography] Opening Discussion: Speculation on "BULLRUN"
Perry E. Metzger
perry at piermont.com
Thu Sep 5 16:53:15 EDT 2013
On Thu, 05 Sep 2013 13:33:48 -0700 Eric Murray <ericm at lne.com> wrote:
> The NYT article is pretty informative:
> (http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html)
[...]
> Also interesting:
>
> "Cryptographers have long suspected that the agency planted
> vulnerabilities in a standard adopted in 2006 by the National
> Institute of Standards and Technology, the United States’
> encryption standards body, and later by the International
> Organization for Standardization, which has 163 countries as
> members.
>
> Classified N.S.A. memos appear to confirm that the fatal weakness,
> discovered by two Microsoft cryptographers in 2007, was engineered
> by the agency. The N.S.A. wrote the standard and aggressively
> pushed it on the international group, privately calling the effort
> “a challenge in finesse.”
>
> “Eventually, N.S.A. became the sole editor,” the memo says."
>
> Anyone recognize the standard?
Please say it aloud. (I personally don't recognize the standard
offhand, but my memory is poor that way.)
BTW, I will now openly speculate if the deeply undeployable key
management protocols for IPSec that originated at the NSA were an
accident. I had enough involvement not to feel overly strongly that
this is what happened, but it does lead one to wonder strongly.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list