LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Something that was always fishy...

Something that was always fishy...

Posted Aug 18, 2004 18:12 UTC (Wed) by gproux (guest, #8286)
Parent article: Crypto researchers abuzz over flaws (News.com)

Is the NSA not complaining loudly about people able to use encryption technologies. This could mean they already found how to crack it and routinely do it. I remember reading in a book that a facility that was used to host some dept of the NSA was sold after being completely cleaned-up. Still they had left some things like the comms backbone. The book was talking of literally kilometers of single-mode fibers at a time where multi-mode fiber just started to be used commercially at a large scale. Which means that the NSA is always 200 light-years ahead and that SHA-1 might have some issue that they ALREADY discovered...

(Log in to post comments)

Something that was always fishy...

Posted Aug 18, 2004 18:34 UTC (Wed) by JoeBuck (subscriber, #2330) [Link]

The spooks are ahead in some areas (for example, public-key crypto was first discovered by the British equivalent of the NSA, and only later rediscovered by Diffie and Hellman), but they aren't gods.

In any case, you shouldn't think that the NSA's chief method is to apply advanced techniques no one else has to effortlessly break crypto systems. They may well do some of that, but they mainly "cheat", exploiting engineering flaws, back doors, hacking/cracking, social engineering, or the like to get access to the messages they want to read. If the NSA wants to read your encrypted traffic, they aren't going to bother breaking the algorithm. They can just 0wn your machine and retrieve the plaintext, as you type it or with a screen-reader; it's a lot easier.

Something that was always fishy...

Posted Aug 18, 2004 20:16 UTC (Wed) by dfarning (subscriber, #24102) [Link]

Thank God for Microsoft--

Fact: Windows has a lower cost of Total cost of 0wnership
Assume: Government agencies 'need' to 0wn boxes

Therefor: Widespread use of MS windows reduces governmental total cost of 0wnership.

Therefor: Widespread use MS windows reduces taxes.

I waiting to see this argument on the get the fact site;)

David Farning

Something that was always fishy...

Posted Aug 18, 2004 22:56 UTC (Wed) by iabervon (subscriber, #722) [Link]

On the contrary; the NSA's mission includes having the technology the government uses be secure. It probably also includes securing the nation's critical civilian infrastructure. If the NSA know about a flaw in a standard encryption component, they would immediately work on a replacement and tell people to use that. When IBM initially proposed DES, the NSA told them to change some things, which turned out to protect against an attack unknown to the cryptography community at the time.

The reason is that there have always been spies and double agents. If the USSR could get atomic secrets back then, Al Queda could get cryptography secrets today, and could destroy US finance. The only solution is to make sure that there are no such secrets.

Something that was always fishy...

Posted Aug 19, 2004 6:12 UTC (Thu) by ncm (subscriber, #165) [Link]

Are you smoking crack? The spooks specifically demanded that DES be weakened by reducing its key size to only 56 bits.

Something that was always fishy...

Posted Aug 19, 2004 7:30 UTC (Thu) by barryn (subscriber, #5996) [Link]

No, (s)he isn't smoking crack. While the NSA shortened the key length, they also changed DES to be resistant to differential cryptanalysis, well over a decade before differential cryptanalysis was discovered by anybody in the general public. (BTW, differential cryptanalysis is the basis of the attacks now being conducted against all these hash functions.)

Look at this Wikipedia article, particularly the "NSA's involvement in the design" section:
http://en.wikipedia.org/wiki/Data_Encryption_Standard

Something that was always fishy...

Posted Aug 19, 2004 15:10 UTC (Thu) by mmarsh (subscriber, #17029) [Link]

NSA wanted the shorter key length so that error-correction bits could be added. They didn't expect DES to be made public, from my understanding, and were somewhat upset when NBS released the DES specification.

Something that was always fishy...

Posted Aug 19, 2004 15:13 UTC (Thu) by mmarsh (subscriber, #17029) [Link]

NSA gave up on this because they had to, really. Once high-quality cryptography was openly being developed elsewhere in the world, keeping U.S. cryptography locked up under the provenance of NSA meant that U.S. companies, individuals, and government agencies would be at a distinct and significant disadvantage globally. Once the genie is out of the bottle, it's little worth your time trying to stuff it back in.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds