[Cryptography] paranoid cryptoplumbing is a probably not defending the weakest point

Perry E. Metzger perry at piermont.com
Tue Sep 17 13:42:34 EDT 2013

On Tue, 17 Sep 2013 10:07:38 -0700 Tony Arcieri <bascule at gmail.com>
> The NSA of course participated in active attacks too, but it seems
> their main MO was passive traffic collection.

That's not what I've gotten out of the most recent revelations. It
would seem that they've been evading rather than breaking the crypto:
putting back doors in protocols, stealing keys, encouraging weak
RNGs, adding flaws to hardware, etc. -- as well as doing active
attacks using stolen or broken CA keys.

I don't doubt that they archive everything they can forever, of

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list