[Cryptography] NSA’s FAQs Demystify the Demise of Suite B

[Peter Fairbrother]

On 11/02/16 15:38, Francisco Corella wrote:
> Last summer NSA abruptly replaced "Suite B" with a "CNSA Suite",
[...]
> Another omission in the CNSA Suite
> is the requirement to provide forward secrecy in key establishment
> that was present in Suite B.  Surprisingly, this comes at a time when
> forward secrecy is becoming the norm on the web.

No surprise there.

No FS means that NSA's attack division only have to key-break one 
communication in order to break all the traffic between two people; 
whereas with FS they have to break each communication separately.

Also, with FS they can't use a lot of their non-brute-force tricks - or 
indeed, $5 wrench [1] brute force tricks, only outside the US, obviously 
¬( - to obtain message keys, as the people communicating only have them 
for a very short time.


In another email you say:

"it's ironic that DSA is being dropped when RSA is loosing its
compelling advantage of providing key transport and server
authentication in one operation."

but it's the same forces at work again - as far as NSA's attack division 
goes, the compelling advantage is not going away.

Only one key used? great, that means only one key to find.


As far as producing crypto design for the world+dog goes, NSA are fscked 
by their dual role, both attacking and defending. They should be ignored 
completely.


[1] https://xkcd.com/538/

-- Peter Fairbrother