[Cryptography] Opening Discussion: Speculation on "BULLRUN"

John Kelsey crypto.jmk at gmail.com
Thu Sep 5 19:14:53 EDT 2013


First, I don't think it has anything to do with Dual EC DRGB.  Who uses it?  

My impression is that most of the encryption that fits what's in the article is TLS/SSL.  That is what secures most encrypted content going online.  The easy way to compromise that in a passive attack is to compromise servers' private keys, via cryptanalysis or compromise or bad key generation.  For server side TLS using RSA, guessing just the client's random values ought to be enough to read the traffic.  

For active attacks, getting alternative certs issued for a given host and playing man in the middle would work.  

Where do the world's crypto random numbers come from?  My guess is some version of the 
Windows crypto api and /dev/random or /dev/urandom account for most of them.  What does most of the world's TLS?  OpenSSL and a few other libraries, is my guess.  But someone must have good data about this.  

My broader question is, how the hell did a sysadmin in Hawaii get hold of something that had to be super secret?  He must have been stealing files from some very high ranking people.  

--John



More information about the cryptography mailing list