[Cryptography] Science Magazine: Breach of Trust

[Henry Baker]

FYI -- Gee, I can't imagine why the Chinese don't trust
American SW & HW anymore...

Obama may soon be stuck with fielding only his own junior
varsity as a result of this unbelievable NSA cock-up.

http://www.sciencemag.org/content/347/6221/495.full.pdf

BREACH OF TRUST

After the Snowden revelations, U.S. mathematicians are
questioning their long-standing ties with the secretive
National Security Agency

By John Bohannon
...
IN THE WAKE of the Snowden revelations,
most of the media attention has focused on
NSA’s large-scale harvesting of data from
U.S. citizens.  But it is a more obscure exploit
that concerns Hales and many other math-
ematicians: what they see as an attack on the
very heart of modern Internet security. 
When you check your bank account online,
for example, the information is encrypted
using a series of large numbers generated
by both the bank server and your own com-
puter.  Generating random numbers that
are truly unpredictable requires physical
tricks, such as measurements from a quan-
tum experiment. Instead, the computers
use mathematical algorithms to generate
pseudorandom numbers.  Although such
numbers are not fundamentally unpredict-
able, guessing them can require more than
the world’s entire computing power.  As
long as those pseudorandom numbers are
kept secret, the encoded information can
safely travel across the Internet, protected
from eavesdroppers—including NSA.

But the agency appears to have created its
own back door into encrypted communica-
tions. ... But it received little atten-
tion until internal NSA memos made public
by Snowden revealed that NSA was the sole
author of the flawed algorithm and that the
agency worked hard behind the scenes to
make sure it was adopted by NIST.