[Cryptography] Sabotaged hardware (was Re: Opening Discussion: Speculation on "BULLRUN")

Perry E. Metzger perry at piermont.com
Fri Sep 6 10:25:17 EDT 2013

On Thu, 5 Sep 2013 22:31:50 -0400 Jerry Leichter <leichter at lrw.com>
> For example, at
> http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us&pagewanted=all,
> the following goal appears for FY 2013 appears:  "Complete enabling
> for [redacted] encryption chips used in Virtual Public Network and
> Web encryption devices".  The Times adds the following note:
> "Large Internet companies use dedicated hardware to scramble
> traffic before it is sent. In 2013, the agency planned to be able
> to decode traffic that was encoded by one of these two encryption
> chips, either by working with the manufacturers of the chips to
> insert back doors or by exploiting a security flaw in the chips'
> design."

This is troubling. It implies that there are widely used crypto
accelerators in use at large organizations that intentionally harm
the security of users. Random number generator flaws would seem like
an obvious possibility here.

This is especially disturbing because other actors can now start
doing teardowns on a wide variety of such devices looking to find the
flaws so they can themselves attack the traffic in question.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list