[Cryptography] What do we know? (Was 'We cannot trust' ...)

Jerry Leichter leichter at lrw.com
Mon Dec 23 11:13:21 EST 2013


On Dec 23, 2013, at 5:00 AM, "James A. Donald" <jamesd at echeque.com> wrote:

> On 2013-12-22 15:05, Jerry Leichter wrote:
> > Nothing I've seen so far describes what the $10M actually paid for.
> > So nothing is inconsistent with the possibility that what RSA saw
> > was a $10M contract to provide BSAFE to some government agency -
> But what RSA did was provide backdoored BSAFE to everyone, not just one government agency.
Well ... yes, that's the way commercial software works.  Everyone buys the same thing.  The government is certainly able to demand special configurations for itself, but those come with increased costs.  That's where you get the famous $700 toilet seats.  In this century, many of them want "COTS" - Commercial Off The Shelf.

And that, of course, is what makes the NSA game here effective.

> "Here is ten million dollars to make *other* people use our algorithm"
No, here's ten million in licensing fees - just make this one tiny change to keep our security auditors happy.

Do you know the history of auto-ranging power supplies?  Prior to the late 1970's or so, power supplies were analogue beasts and typically came in 120 and 240 volt AC versions, with different attached power cords, for the US and much of Europe.  Carrying two different versions of the same thing was expensive.  As power supplies became more sophisticated, adding a switch to change the voltage became common - especially after the IEC standardized on an equipment-end plug.  So now you could produce one product for the whole world, just shipping a different local-plug-to-IEC-jack cable, and assuming that the end user would set the switch correctly.  Sounds great - but what's the default setting for the switch?  At least in the computer industry - dominated by US manufacturers at the time - it was clearly 120V.  Then local governments elsewhere - I think the Germans were the first - started to say "No, you don't get to set the default the way *you* like it; you sell in Germany, you configure your device *for Germany* out of the box."  I was at Digital at the time, and it was an open joke that devices were built and configured in the US, packed in boxes, shipped to Germany - where someone opened the box, changed the switch to 240V, resealed the box, and sent it to the customer.  While cheaper than maintaining two separate product lines, it was an expense and a pain.

What eventually happened was that digital, auto-ranging power supplies took over, and unless you're working with high-power stuff, you just plug it in and everything works.  One product for the whole world, no configuration required.

That's how governments - and, BTW, all big customers - work.  Do it my way, for the convenience of my users, or get lost.

> "That is the algorithm that various noted cryptographers say smells
> mighty funny?
In 2004?

The issues were raised a couple of years later, and I think it's legitimate to ask whether RSA should have changed things then.  But changing a default based on what a couple of academics are saying - which is how it would have been seen - is not an easy move.  Academics are *always* complaining about something - that's what they're *supposed* to do, raise questions.  Until Snowdonia, there was certainly a smell, but there was nothing that approached solid evidence.

In any case, as others have pointed out here:  Until Snowdonia, the general attitude of big business - the customers for BSAFE - would have been "I don't care that the NSA can read my stuff, they're the good guys, they don't get involved in commerce, I have nothing to hide from them."

                                                        -- Jerry
