Columbia crypto box
Tim Dierks
tim at dierks.org
Sat Feb 8 13:24:14 EST 2003
At 12:41 AM 2/8/2003 -0500, John S. Denker wrote:
>As reported by AP:
>
>| Among the most important [debris] they were seeking was
>| a device that allows for the encryption of communication
>| between the shuttle and NASA controllers. A NASA spokesman
>| in Houston, John Ira Petty, said Friday that NASA feared
>| the technology could be used "to send bogus signals to the
>| shuttle."
>
>Apparently some folks skipped class the day Kerchhoffs'
>Principle was covered.
Here are three valid reasons for NSA (who provides communication security
to NASA) to keep crypto algorithms secret:
1. If one has a sufficiently good level of analysis in-house that
additional cryptographic analysis has reached the level of diminishing
returns, then there's little additional value to be gained from the
community input resulting from disclosure. In such a situation, even if a
cipher is secure enough to meet its goals based solely on secrecy of the
key, the marginal security of keeping the algorithm secret is of value.
2. Keeping an algorithm secret prevents your opponents from using it. If
you have better algorithms than your opponents, this is of value.
3. Keeping an algorithm secret may provide protection to design concepts
and constraints, which will help you keep secret methods of cryptanalysis
with which you are familiar, but that your opponents have not yet
discovered (e.g. differential cryptanalysis).
There may be more valid reasons for treating the device as secret; some
categories that come to mind include protecting non-cryptographic
information, such as the capabilities of the communication channel. Also,
many systems on the shuttle are obsolete by modern standards, and it's
possible that the communications security is similarly aged.
- Tim Dierks
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list