[Cryptography] NSA and cryptanalysis

Perry E. Metzger perry at piermont.com
Mon Sep 2 17:35:43 EDT 2013

On Mon, 2 Sep 2013 13:14:00 -0700 "Christian Huitema"
<huitema at huitema.net> wrote:
> > > > Do we know they produced fake windows updates without
> > > > assistance from Microsoft?
> > > 
> > > Given the reaction from Microsoft, yes.
> > > 
> > > The Microsoft public affairs people have been demonstrating real
> > > anger at the Flame attack in many forums.
> >
> > But of course, sufficiently paranoid people might contend that
> > perhaps the Microsoft people who complained might not have been
> > briefed by the ones who cooperated.
> I would be very surprised if they had gotten any assistance from
> Microsoft.

As would I. Not my wider point. My wider point is that the
speculation is not helpful, and one probably wants to think about how
to make things trustworthy even in the presence of bugs, adversaries
who look like bugs for most viewpoints, etc. Paranoid speculation is
useless, concrete discussion of threat models and how to address them
is useful. (Thus why I mentioned things like typed assembly language
as being a more productive topic than infinitely recursive paranoia.
One can speculate endlessly on who is collaborating with whom
without ever terminating, but robust threat models with technical
solutions are something you can actually do something about.)

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list