[Cryptography] NSA and cryptanalysis

David I. Emery die at dieconsulting.com
Sat Aug 31 00:22:43 EDT 2013 

On Fri, Aug 30, 2013 at 07:17:08AM -0400, Jerry Leichter wrote:

> So the latest Snowden data contains hints that the NSA (a) spends a
> great deal of money on cracking encrypted Internet traffic; (b) recently
> made some kind of a cryptanalytic "breakthrough".  What are we to make
> of this?  (Obviously, this will all be wild speculation unless Snowden
> leaks more specific information - which wouldn't fit his style, at least
> as demonstrated so far.)

	I wonder how much of the editing of the recent Snowden data is
in any way related to Snowden himself (who is presumably very 
completely controlled and monitored by the Russians at the moment) ?

	The story as I understand it (from afar), is that he
expropriated some roughly 20,000 complete NSA documents... and has
turned some of them - mostly complete and unedited - over to his
journalist collaborators who have in turn turned some of those over to
their larger news organizations - where the editors have figured out
what parts of them to publish under great pressure from various spooks
and high officials NOT to publish certain information.

	What we have seen so far rather looks like it was heavily
bowdlerized under very great government pressure from various
governments, and it seems very likely MOST if not all of this pressure
was aimed at the editorial and management level of news organizations,
not Snowden himself (who is beyond their reach obviously, but also not
in a position to control much about what is published).

	In the end it is pretty likely nobody in senior management of
the media organizations involved really wants to take responsibility for
leaking something that actually destroys a major US intelligence edge...
and what was left out "to protect legitimate US intelligence secrets" or
"technical methods" is anyone's guess at the moment.

	Surely, however, inevitably eventually *some* of this will leak
out of the media organizations to the extent that it has passed outside
of a very very small circle of people there.

	What is not clear, is how many of those folks at the media
organizations know enough about the technological implications of what
they are reading to understand what its long term significance is.  A
cryptanalytic "breakthrough" might be huge and fundamental and
invalidate a lot of currently deployed cryptography, or just a new and
very effective attack on some aspect of a commonly used security
protocol that can be easily patched once it is known.

>                                                         -- Jerry

-- 
  Dave Emery N1PRE/AE, die at dieconsulting.com  DIE Consulting, Weston, Mass 02493
"An empty zombie mind with a forlorn barely readable weatherbeaten
'For Rent' sign still vainly flapping outside on the weed encrusted pole - in 
celebration of what could have been, but wasn't and is not to be now either."

More information about the cryptography mailing list