Date: Mon Jan  2 16:57:48 2006
From: archer at frmug.org (Vincent Archer)
Subject: Spy Agency Mined Vast Data Trove and other tales

According to Steve Kudlak:
> I kind of think it is a "UFO story" to say that PGP and the like 
> don't work and have been quietly changed to make them easy to break. 
> The inventors being compromised is pretty much an MIB story. It is open 
> code so you can read it and see if it is possible to break and how 
> easily given current open knowledge. Now if the mathematicians in the 
> NSA know things about factoring we don't, well, oh well.  What is depended 

The role of the NSA is often misunderstood. A good story that people
don't know is the design of good ole' DES. Back when DES was designed,
there was a first version. Then, people from an unnamable agency (No Such
Agency, as it was often called) came and said "replace those S-boxes by
these".

Lots of people assumed that it was to insert some kind of backdoor, and
it took over ten years of careful cryptanalysis by various experts all
over the world to conclude that the new S-boxes were in fact a bit
stronger than the original ones.

NSA is governed by multiple imperatives. Their first imperative is that
they need to decode what's out there. But they also have another mission,
which is to safeguard American interests by making sure American businesses
do use encryption that is not broken by people from other countries.

Given the stakes, any general "backdoor" will leak to someone else
(there are many more than two persons who will know the secret, and as
everyone knows, two persons can keep a secret only if one of them is dead).
And that's almost as dangerous to American interests as NSA being
unable to spy on them.

-- 
	Vincent Archer			Email:	archer@...ug.org

All men are mortal.  Socrates was mortal.  Therefore, all men are Socrates.
							(Woody Allen)
