[Cryptography] nuclear arming codes

[demonfighter6 .]

On Fri, Jan 3, 2014 at 8:50 AM, Jerry Leichter <leichter at lrw.com> wrote:

> Meanwhile, a forward-looking question:  Given what we know today
> - about cryptography in general, and NSA's infiltration of pretty much
> anything having to *do* with cryptographic implementations in
> particular - would it be possible to have an agreement such as the
> old test-ban treaty whose verification relies on cryptography?
> The 1980's ideas about public key looked naive even prior to
> Snodownia, but at least one could argue that it was *possible* to
> get the required level of assurance for both parties.  Is that even
> conceivable today?
That's a psychological or political question, not a technical one. I
wouldn't count on the politicians making and signing the agreements to
understand anything beyond the Caesar cypher. They'll go with advice from
on-tap experts who may or have been compromised or who may not be
sufficiently paranoid. Techno naysayers who say things the pols don't want
to hear will be dismissed as unrealistically paranoid. Bottom line, I
wouldn't be at all surprised to find an agreement being put into place,
with the assurance mechanism being revealed to be broken shortly after it's
implemented or (worse) being revealed years later to have been broken
before implementation.

On a related topic, security people are by nature paranoid, but there are
degrees of professional paranoia. Recent leaks show that only the most
paranoid of the crypto security people were anywhere near correct regarding
penetration of corporations and algorithms and privately-owned hardware.
Bummer, that.

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140103/b5e4ae02/attachment.html>