[Cryptography] new wiretap resistance in iOS 8?

Jerry Leichter leichter at lrw.com
Tue Sep 23 12:23:53 EDT 2014


On Sep 23, 2014, at 8:29 AM, Nicholas Bohm <nbohm at ernest.net> wrote:
> Assuming that guess [NSA, in approving DES, assumed that crypto wouldn't move beyond banks and some other large institutions] to be right, what about the inconvenience for the NSA if not only the banks and other corporations used their strong system, but also the NSA's adversaries in the military and diplomatic systems of their SIGINT targets?  Many of them were probably using rotor machines, and only gradually at best coming to appreciate the implications of the British and American penetration of Enigma and other World War II systems, which had come into public view not many years before.

Hard to know.  History repeatedly shows great resistance to attempts to change fielded cryptosystems - even in the face of evidence that they've been broken.

The NSA had a great stalking horse in, err, what was the name of that Swiss company, which appeared to be an independent source of secure hardware, based in a neutral country with a reputation for building fine machinery.  It would be easy for them to send out reassuring messages - oh, yes, the Allies broke the German codes - but ours are different enough that the old techniques don't work.  (Keep in mind that many of the *US* of WWII vintage were themselves based on the same ideas.)

Compare that to a system *apparently designed by NSA*, and if you're some government bureaucrat with no real knowledge of crypto, tasked to choose a system to keep stuff secure from the US ... and what would *you* choose?

> What the NSA would have needed was subtle measures to stir up doubts in the minds of their adversaries about the true strength of the DES.  After all, in the US the banks and other corporations could happily just take the word of the authorities, but the NSA's adversaries might think twice about that if given a reason to do so.

Indeed.

> Perhaps what would have served was for the NSA to have made changes to the S boxes while remaining ostentatiously tight-lipped about their reasons, and to have coupled that with apparently (and perhaps ostentatiously) reducing the strength of the fielded system while refusing again to explain why in the face of objections.  With any luck their adversaries would have picked up on these hints, and been successfully bluffed into retaining their existing systems rather than moving to the new ones.

Could well be.

> It could be that those who still maintain that the NSA undermined the DES for their own advantage are the evidence of the success of a well-executed bluff.

:-)
                                                        -- Jerry
