[Cryptography] paranoid cryptoplumbing is a probably not defending the weakest point
Perry E. Metzger
perry at piermont.com
Tue Sep 17 13:42:34 EDT 2013
On Tue, 17 Sep 2013 10:07:38 -0700 Tony Arcieri <bascule at gmail.com>
wrote:
> The NSA of course participated in active attacks too, but it seems
> their main MO was passive traffic collection.
That's not what I've gotten out of the most recent revelations. It
would seem that they've been evading rather than breaking the crypto:
putting back doors in protocols, stealing keys, encouraging weak
RNGs, adding flaws to hardware, etc. -- as well as doing active
attacks using stolen or broken CA keys.
I don't doubt that they archive everything they can forever, of
course.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list