[Cryptography] NSA Crypto Breakthrough Bamford [was: WhatsApp keying...]

Ray Dillinger bear at sonic.net
Thu May 19 17:14:51 EDT 2016



On 05/18/2016 01:53 PM, Henry Baker wrote:

> I tend to agree with Nadia Heninger's conjecture that NSA has broken
> discrete logs of certain types.
> 
> It has the right flavor: NOBUS acres of computers.

> "Logjam" attack on discrete logs:
>
> https://weakdh.org/imperfect-forward-secrecy.pdf

Well, after reading, I suppose you and Bamford are probably right about
what the breakthrough here probably is, but I strongly dispute NOBUS in
this case.

An attack based on known mathematical technique will have been deployed
by many state-level adversaries elsewhere, and besides, once the
database the precomputation generates exists, it can be stolen, bought,
shared through diplomatic channels with other nations, or otherwise
acquired through extortion, blackmail, or bribery by criminal actors.
The potential financial payoffs to a criminal organization of having
that database are immense.  It might even justify the expenditure needed
to do the computation themselves.


It doesn't even have to be the USA that gets compromised.  Even if one
supposes that the USA may have kept its database secret, it is
unreasonable to expect that several governments have done so - or that
they will continue to do so in the future.   China builds good
supercomputers and undertakes such giant projects, so they've probably
built this database without any NSA help.  And they might not guard
theirs so well against crooks, or might even willingly share it with
business interests.

In unrelated news, I read that SWIFT has been cracked yet again, and
that a database of some millions of LinkedIn IDs is available in the
black market this week.


> Note that achieving this discrete log breakthrough doesn't rule out
> other approaches: elliptic curve backdoors, more-than-modest
> improvements in integer factoring with non-quantum computers, back
> doors in Intel/AMD/Broadcom/TI/Qualcomm crypto hardware, etc.

It is characteristic of these agencies, worldwide, that they pursue all
available avenues of information compromise, never just one and never
just a few dozen.  I have no doubt that even as I type this, China is
putting backdoors in chips, and North Korea is building a database of
audio recordings of people typing passwords, and Iran is repurposing
Stuxnet to attack facilities in other nations, and England is examining
public video recordings to extract security codes whenever people
publicly enter them into smartphones, and Venezuelan government hackers
are examining the guts of Microsoft TLS implementations looking for
holes.  And on, and on, and on in every possible combination.

NOBUS is a fiction, and none of these agencies are ever satisfied with
any number of sources less than ALL OF THEM.

Meanwhile crooks are busy ripping off bitcoin from online poker games
that use good encryption but shuffle their decks using 32-bit random seeds.

Crooks are in many ways more reasonable people; if they get one break
that makes them money, they're usually happy with that until it gets
shut down.

> It is possible that the US may let the Chinese in on these back door
> secrets in order to preserve its ability to keep using them against
> everyone else, but this fall-back strategy can't possibly be a
> long-term stable solution.  

I'm pretty sure that won't happen.  The US and China, indeed, are the
leaders of the two primary political coalitions contending for world
domination, and as such the two most likely adversaries in espionage or
in any future large-scale warfare.

				Bear
