[Cryptography] Opening Discussion: Speculation on "BULLRUN"
hallam at gmail.com
Thu Sep 5 16:58:07 EDT 2013
On Thu, Sep 5, 2013 at 4:41 PM, Perry E. Metzger <perry at piermont.com> wrote:
> On Thu, 5 Sep 2013 15:58:04 -0400 "Perry E. Metzger"
> <perry at piermont.com> wrote:
> > I would like to open the floor to *informed speculation* about
> > BULLRUN.
> Here are a few guesses from me:
> 1) I would not be surprised if it turned out that some people working
> for some vendors have made code and hardware changes at the NSA's
> behest without the knowledge of their managers or their firm. If I
> were running such a program, paying off a couple of key people here
> and there would seem only rational, doubly so if the disclosure of
> their involvement could be made into a crime by giving them a
> clearance or some such.
Or they contacted the NSA alumni working in the industry.
> 2) I would not be surprised if some of the slow speed at which
> improved/fixed hashes, algorithms, protocols, etc. have been adopted
> might be because of pressure or people who had been paid off.
> At the very least, anyone whining at a standards meeting from now on
> that they don't want to implement a security fix because "it isn't
> important to the user experience" or adds minuscule delays to an
> initial connection or whatever should be viewed with enormous
> suspicion. Whether I am correct or not, such behavior clearly serves
> the interest of those who would do bad things.
I think it is subtler that that. Trying to block a strong cipher is too
obvious. Much better to push for something that is overly complicated or
too difficult for end users to make use of.
* The bizare complexity of IPSEC.
* Allowing deployment of DNSSEC to be blocked in 2002 by blocking a
technical change that made it possible to deploy in .com.
* Proposals to deploy security policy information (always send me data
encrypted) have been consistently filibustered by people making nonsensical
3) I would not be surprised if random number generator problems in a
> variety of equipment and software were not a very obvious target,
> whether those problems were intentionally added or not.
Agreed, the PRNG is the easiest thing to futz with.
It would not surprise me if we discovered kleptography at work as well.
> 4) Choices not to use things like Diffie-Hellman in TLS connections
> on the basis that it damages user experience and the like should be
> viewed with enormous suspicion.
> 5) Choices not to make add-ons available in things like chat clients
> or mail programs that could be used for cryptography should be viewed
> with suspicion.
I think the thing that discouraged all that was the decision to make end
user certificates hard to obtain (still no automatic spec) and expire after
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography