[Cryptography] Snowden "fabricated digital keys" to get access to NSA servers?

Ray Dillinger bear at sonic.net
Sat Jun 29 05:04:22 EDT 2013


On 06/28/2013 09:36 PM, Udhay Shankar N wrote:
> On Sat, Jun 29, 2013 at 4:30 AM, John Gilmore<gnu at toad.com>  wrote:
>
>> [John here.  Let's try some speculation about what this phrase,
>> "fabricating digital keys", might mean.]
>
> Perhaps something conceptually similar to PGP's Additional Decryption
> Key [1]? If the infrastructure is in place for this, perhaps one might
> be able to generate a key on demand, with the appropriate access
> permissions.

I read it to mean that the NSA is using some sort of defeatable
cryptography in its own communications with contractors, presumably
to enable internal snooping for purposes of monitoring contractors.
If a contractor then discovers this system, and manages to cryptanalyze
it (or somehow obtain a copy of the snooping software, though that's
not strictly necessary to cryptanalysis) to figure out the corresponding
method of how the snoopers from the NSA generate keys out of thin
air for it, then he might use that method himself to get access to
all the material that other contractors on that system are working
with.

It would be a ridiculously stupid methodology for the NSA to manage
its security affairs this way, but if "fabricated keys" isn't a flat
out lie, then it's the only thing I can think of that makes sense.
And if it is a flat out lie, then lying to Congress is fairly serious.
'Tho it wouldn't be the first time that's happened, either.

				Bear

