[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Perry E. Metzger perry at piermont.com
Thu Sep 5 16:53:15 EDT 2013

On Thu, 05 Sep 2013 13:33:48 -0700 Eric Murray <ericm at lne.com> wrote:
> The NYT article is pretty informative:
> (http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html)
> Also interesting:
> "Cryptographers have long suspected that the agency planted 
> vulnerabilities in a standard adopted in 2006 by the National
> Institute of Standards and Technology, the United States’
> encryption standards body, and later by the International
> Organization for Standardization, which has 163 countries as
> members.
> Classified N.S.A. memos appear to confirm that the fatal weakness, 
> discovered by two Microsoft cryptographers in 2007, was engineered
> by the agency. The N.S.A. wrote the standard and aggressively
> pushed it on the international group, privately calling the effort
> “a challenge in finesse.”
> “Eventually, N.S.A. became the sole editor,” the memo says."
> Anyone recognize the standard?

Please say it aloud. (I personally don't recognize the standard
offhand, but my memory is poor that way.)

BTW, I will now openly speculate if the deeply undeployable key
management protocols for IPSec that originated at the NSA were an
accident. I had enough involvement not to feel overly strongly that
this is what happened, but it does lead one to wonder strongly.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list