[Cryptography] What do we know? (Was 'We cannot trust' ...)

ianG iang at iang.org
Sat Dec 21 01:37:41 EST 2013


On 20/12/13 11:48 AM, ianG wrote:
> What do we know?
...
>> I thought that the evidence we had was an elliptic comment in a
>> powerpoint slide that we have interpreted as being a smoking gun for the
>> already suspect DUAL_EC_NRRNG (Not Really Random Number Generator)
>
>
> We know more than that.  They stated they were the sole editor.  They
> claim the mission to subvert, as laid out very clearly in their goals
> (snippet above).  They have the capability, beyond ours.  There is
> sufficient information to show that there was a programme of convincing
> suppliers to prioritise in that direction.


Just on that last point, new data came out yesterday.

http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220

Two snippets:

    "Undisclosed until now was that RSA received $10 million in a deal
    that set the NSA formula as the preferred, or default, method for number
    generation in the BSafe software, according to two sources familiar with
    the contract."

...

    "RSA adopted the algorithm even before NIST approved it. The NSA
    then cited the early use of Dual Elliptic Curve inside the government to
    argue successfully for NIST approval, according to an official familiar
    with the proceedings.

    RSA's contract made Dual Elliptic Curve the default option for
    producing random numbers in the RSA toolkit.  ..."


(I haven't seen the original documents, John, have you?)


> In criminal conviction terms, they have the means, the motive and the
> opportunity.  They were placed on the scene, at the right time.
>
> We might not get them on the full crime for lack of the smoking gun, but
> they'd likely go down for every lesser degree.


What's interesting in this process is that it lays out *one path* for 
subversion in quite good detail.  Another snippet:


    "... No alarms were raised, former employees said, because the deal
    was handled by business leaders rather than pure technologists.

    "The labs group had played a very intricate role at BSafe, and they
    were basically gone," said labs veteran Michael Wenocur, who left in 1999."



Companies that have been under attack should take note of these ways: 
Google, Facebook, Microsoft, etc., because it is beyond reasonable doubt 
that these methods have been tried on them.  There is another which I'm 
writing up in the background.


iang


