[Cryptography] Opening Discussion: Speculation on "BULLRUN"
lancej at gmail.com
Thu Sep 5 19:25:52 EDT 2013
If you read the articles carefully, you'll note that at no point does the
NSA appear to have actually broken the *cryptography* in use. It's hard to
get concrete details from such vague writing and no access to the the
original documents, but it sounds like they've mostly gotten a lot of
backdoors in *systems* (not algorithms, though they may have tried that
with Dual_EC_DRBG in NIST SP 800-90 in 2006 ... which lasted barely a year
before public cryptographers flagged it).
Basically, the summary of this new information appears to be best given by
Paul Kocher, who noted that the NSA had pushed for a backdoor key escrow
system with the Clipper Chip, was denied, "... and they went and did it
anyway, without telling anyone." In this case, it wasn't a mandated key
escrow backdoor, but through a combination of targeted interception and
strong-arming companies like Google and Microsoft, they got enough.
It's the same old story of crypto in the real world: Don't attack the
algorithm; Attack the system.
Better story here:
On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger <perry at piermont.com> wrote:
> I would like to open the floor to *informed speculation* about
> Informed speculation means intelligent, technical ideas about what
> has been done. It does not mean wild conspiracy theories and the
> like. I will be instructing the moderators (yes, I have help these
> days) to ruthlessly prune inappropriate material.
> At the same time, I will repeat that reasonably informed
> technical speculation is appropriate, as is any solid information
> Perry E. Metzger perry at piermont.com
> The cryptography mailing list
> cryptography at metzdowd.com
l <lancej at securescience.net>ancej at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography