[Cryptography] "The intelligence coup of the century"

Phillip Hallam-Baker phill at hallambaker.com
Wed Feb 12 13:16:32 EST 2020


As with the Snowden papers, there is a big difference between knowing and
being able to talk about a thing without being dismissed as a raving
lunatic.

Many of us knew that something like PRISM was going on because we knew
about similar efforts in the past. System-X had a feature that turned any
telephone in the UK connected directly to a switchboard into a passive
bugging device on the room. Thatcher pleaded with Gorbachev to send in the
tanks and stop the fall of the Berlin wall.

Trump is not the first politician to use gaslighting as a primary political
strategy. He is just the first one to be so bad at it that it has
failed almost all the time.

We knew Crypto AG was crooked but not that it was owned by the CIA/German
intel. We knew that the mechanical Hagelin machines were breakable, but
nobody proved the later electronic versions were backdoored as far as I
know; we just suspected that (correctly).

What hasn't been made public yet is how. I suspect that the side channels
identified by Moti Yung in RSA will turn out to have been used. If you have
a 2048-bit RSA public key, you can generate it in such a fashion that the
top 1000 bits are chosen, which means that you can encipher the seed used
to generate the key in those bits. A 1000-bit RSA key is probably
sufficient for purposes of NOBUS.

So just why did we decide as an industry that RSA was so much better than
DH anyway? DH has a number of really useful advantages. The key agreement
value doesn't present a side channel, nor does the public key. And you can
do all the compute-intensive work of a Schnorr signature before you know what
you are signing.

So how did we get directed down the RSA path and not the Diffie-Hellman
path?

And what are the same people doing today? Who slinks round the IETF
dripping poison into people's ears? Who drove DANE and DPRIVE down a dead
end? Who persuaded the IESG to stand their ground rather than deploy DNSSEC
in 2002?

Disinformation isn't just for Twitter. It only takes a small number of folk
colluding behind the scenes to isolate people with threatening ideas in a
group.
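The post's point about the top bits of an RSA modulus being choosable rests on a structural fact that is easy to see with small numbers. The script below is an added example, not code from the post or from any party it discusses: it builds a toy modulus whose high-order bits equal a constructed label, using the published "predetermined portion" method (pick p, set q to the smallest odd value that puts p*q at or above the target, walk q upward until it is prime). The bit sizes (128-bit modulus, 56-bit prefix) and the label value are assumptions chosen for speed; a real key would use far larger parameters, and the post's scenario would put an enciphered seed rather than a plain label in those bits. What the example shows for a defender is why an inspection of the modulus alone cannot tell an honest key from one built this way, which is the reason key generation has to be trusted or made verifiable rather than audited after the fact.

```python
"""Added example: an RSA modulus with chosen high-order bits (toy sizes).

Construction (published by Lenstra for moduli with a predetermined portion):
  target T = prefix << (mod_bits - prefix_bits)
  pick random prime p of mod_bits//2 bits
  q = ceil(T / p), made odd, then stepped upward by 2 until prime
While q*p - T stays below 2**(mod_bits - prefix_bits), the top bits of
n = p*q are exactly `prefix`.  This is a demonstration of the structural
fact only; the prefix is a constructed label, not an enciphered seed.
"""
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test (sufficient for a demo)."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime with exactly `bits` bits (top bit and low bit set)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def modulus_with_prefix(prefix, prefix_bits, mod_bits, max_tries=10000):
    """Return (p, q, n) with n = p*q of `mod_bits` bits whose top
    `prefix_bits` bits equal `prefix`.  Requires mod_bits even and
    prefix_bits <= mod_bits//2 - 2 so that 2*p < 2**shift (see module doc)."""
    half = mod_bits // 2
    shift = mod_bits - prefix_bits
    assert mod_bits % 2 == 0 and prefix_bits <= half - 2
    assert 0 < prefix < (1 << prefix_bits)
    assert prefix >> (prefix_bits - 1) == 1, "top bit set keeps n at mod_bits"
    target = prefix << shift
    for _ in range(max_tries):
        p = random_prime(half)
        q = -(-target // p)          # ceil(target / p)
        if q % 2 == 0:
            q += 1
        # Each step adds 2*p to the product; the prefix survives while the
        # product is still below the next prefix boundary.
        while (q * p) >> shift == prefix:
            if is_probable_prime(q):
                return p, q, p * q
            q += 2
    raise RuntimeError("no suitable q found; try again or loosen sizes")


def top_bits(n, mod_bits, prefix_bits):
    """The high-order `prefix_bits` bits of an n-bit modulus."""
    return n >> (mod_bits - prefix_bits)


# Constructed 56-bit label (top bit set); hypothetical, not an IoC.
LABEL = 0xC0FFEEBAD5EED0
MOD_BITS, PREFIX_BITS = 128, 56


def demo(seed=1):
    """Build one toy modulus and report whether its top bits carry LABEL."""
    random.seed(seed)
    p, q, n = modulus_with_prefix(LABEL, PREFIX_BITS, MOD_BITS)
    carried = top_bits(n, MOD_BITS, PREFIX_BITS) == LABEL
    return {"n_bits": n.bit_length(), "p_prime": is_probable_prime(p),
            "q_prime": is_probable_prime(q), "label_in_top_bits": carried}


if __name__ == "__main__":
    print(demo())
```

Because `n` is a product of two primes of ordinary size, nothing about its factorization distinguishes it from an honestly generated modulus; only the party who knows what the top bits encode can read them. This is the reason the post treats the public key itself, not the ciphertexts, as the channel to worry about.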