<div dir="ltr">
<p class="">Hi all,</p><p class=""><br></p><p class="">If you read the articles carefully, you'll note that at no point does the NSA appear to have actually broken the *cryptography* in use. It's hard to get concrete details from such vague writing and no access to the the original documents, but it sounds like they've mostly gotten a lot of backdoors in *systems* (not algorithms, though they may have tried that with Dual_EC_DRBG in NIST SP 800-90 in 2006 ... which lasted barely a year before public cryptographers flagged it).<br>
</p>
<p class=""><br></p>
<p class="">Basically, the summary of this new information appears to be best given by Paul Kocher, who noted that the NSA had pushed for a backdoor key escrow system with the Clipper Chip, was denied, "... and they went and did it anyway, without telling anyone." In this case, it wasn't a mandated key escrow backdoor, but through a combination of targeted interception and strong-arming companies like Google and Microsoft, they got enough.</p>
<p class=""><br></p>
<p class="">It's the same old story of crypto in the real world: Don't attack the algorithm; Attack the system.</p><p class=""><br></p><p class="">Better story here: <a href="http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html">http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html</a></p>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger <span dir="ltr"><<a href="mailto:perry@piermont.com" target="_blank">perry@piermont.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I would like to open the floor to *informed speculation* about<br>
BULLRUN.<br>
<br>
Informed speculation means intelligent, technical ideas about what<br>
has been done. It does not mean wild conspiracy theories and the<br>
like. I will be instructing the moderators (yes, I have help these<br>
days) to ruthlessly prune inappropriate material.<br>
<br>
At the same time, I will repeat that reasonably informed<br>
technical speculation is appropriate, as is any solid information<br>
available.<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
Perry<br>
--<br>
Perry E. Metzger <a href="mailto:perry@piermont.com">perry@piermont.com</a><br>
_______________________________________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Lance James<br><a href="http://soundcloud.com/lancejames" target="_blank">http://soundcloud.com/lancejames</a><br><span>Office: <span id="gc-number-0" class="gc-cs-link" title="Call with Google Voice">760-262-4141</span></span><br>
<a href="mailto:lancej@securescience.net" target="_blank">l</a><a href="mailto:ancej@gmail.com" target="_blank">ancej@gmail.com</a><br><br></div>
</div></div>