[Cryptography] actual NSA protocol docs to mine...

Thu Jan 22 07:09:47 EST 2015

On Jan 20, 2015, at 2:30 PM, ianG <iang at iang.org> wrote:

> This appears to be a document that describes an NSA protocol:
> 
> http://www.spiegel.de/media/media-35676.pdf
This is an odd document:

- RSA-128 (what we usually write as a 1024 bit key) for public key crypto;
- RC6-16 as the symmetric encryption function;
- SHA1 for hashing.

So no NSA-specific crypto at all.  An attempt at deniability, since the code would be "published" in attacked systems?

The dates shown on the page are:

- "Dated 24 Feb 98"
- "Last Saved 4/7/2013"
- "Last Printed 6/15/2009"

A 1024-bit RSA key would have been reasonable if somewhat aggressive in 1998.  (In 2003, published numbers claimed it roughly equivalent to an 80-bit symmetric key.)

RC6 was first published (as an AES candidate) in 1998 - I haven't been able to track down the actual date, though NIST's announcement of the set of candidates was in late August.  If you want to use "public" stuff, RC6 would be an odd choice 6 months before broad publication!  At the time, there would also have been little analysis of RC6.  What if it turned out to be a dud?  Even the best cryptographers slip up sometimes.  Why not use RC5, which had been around and well thought of for a couple of years?  (One speculation is that NSA thought that RC6 would win the AES competition....)

SHA1 had been around for a couple of years and so was reasonable in 1998.

I don't know what to make of a document that was last saved four years after it was last printed.
                                                        -- Jerry