[Cryptography] Opening Discussion: Speculation on "BULLRUN"
Lance James
lancej at gmail.com
Thu Sep 5 19:25:52 EDT 2013
Hi all,
If you read the articles carefully, you'll note that at no point does the
NSA appear to have actually broken the *cryptography* in use. It's hard to
get concrete details from such vague writing and no access to the the
original documents, but it sounds like they've mostly gotten a lot of
backdoors in *systems* (not algorithms, though they may have tried that
with Dual_EC_DRBG in NIST SP 800-90 in 2006 ... which lasted barely a year
before public cryptographers flagged it).
Basically, the summary of this new information appears to be best given by
Paul Kocher, who noted that the NSA had pushed for a backdoor key escrow
system with the Clipper Chip, was denied, "... and they went and did it
anyway, without telling anyone." In this case, it wasn't a mandated key
escrow backdoor, but through a combination of targeted interception and
strong-arming companies like Google and Microsoft, they got enough.
It's the same old story of crypto in the real world: Don't attack the
algorithm; Attack the system.
Better story here:
http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger <perry at piermont.com> wrote:
> I would like to open the floor to *informed speculation* about
> BULLRUN.
>
> Informed speculation means intelligent, technical ideas about what
> has been done. It does not mean wild conspiracy theories and the
> like. I will be instructing the moderators (yes, I have help these
> days) to ruthlessly prune inappropriate material.
>
> At the same time, I will repeat that reasonably informed
> technical speculation is appropriate, as is any solid information
> available.
>
>
> Perry
> --
> Perry E. Metzger perry at piermont.com
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
--
Lance James
http://soundcloud.com/lancejames
Office: 760-262-4141
l <lancej at securescience.net>ancej at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130905/e455efdd/attachment.html>
More information about the cryptography
mailing list