[Cryptography] Opening Discussion: Speculation on "BULLRUN"
hallam at gmail.com
Thu Sep 5 16:11:57 EDT 2013
OK how about this:
If a person at Snowden's level in the NSA had any access to information
that indicated the existence of any program which involved the successful
cryptanalysis of any cipher regarded as 'strong' by this community then the
Director of National Intelligence, the Director of the NSA and everyone
involved in those decisions should be fired immediately and lose their
What was important in Ultra was the fact that the Germans never discovered
they were being intercepted and decrypted. They would have strengthened
their cipher immediately if they had known it was broken.
So either the NSA has committed an unpardonable act of carelessness (beyond
the stupidity of giving 50,000 people like Snowden access to information
that should not have been shared beyond 500) or the program involves lower
strength ciphers that we would not recommend the use of but are still there
in the cipher suites.
I keep telling people that you do not make a system more secure by adding
the choice of a stronger cipher into the application. You make the system
more secure by REMOVING the choice of the weak ciphers.
I would bet that there is more than enough DES traffic to be worth attack
and probably quite a bit on IDEA as well. There is probably even some 40
and 64 bit crypto in use.
Before we assume that the NSA is robbing banks by using an invisibility
cloak lets consider the likelihood that they are beating up old ladies and
taking their handbags.
On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger <perry at piermont.com> wrote:
> I would like to open the floor to *informed speculation* about
> Informed speculation means intelligent, technical ideas about what
> has been done. It does not mean wild conspiracy theories and the
> like. I will be instructing the moderators (yes, I have help these
> days) to ruthlessly prune inappropriate material.
> At the same time, I will repeat that reasonably informed
> technical speculation is appropriate, as is any solid information
> Perry E. Metzger perry at piermont.com
> The cryptography mailing list
> cryptography at metzdowd.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography