The actual documents - some of which the Times published with few redactions -
are worthy of a close look, as they contain information beyond what the
reporters decided to put into the main story. For example, at
http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us&pagewanted=all,
the following goal appears for FY 2013 appears: "Complete enabling for
[redacted] encryption chips used in Virtual Public Network and Web encryption
devices". The Times adds the following note: "Large Internet companies use
dedicated hardware to scramble traffic before it is sent. In 2013, the agency
planned to be able to decode traffic that was encoded by one of these two
encryption chips, either by working with the manufacturers of the chips to
insert back doors or by exploiting a security flaw in the chips' design." It's
never been clear whether these kinds of notes are just guesses by the
reporters, come from their own sources, or com
e from Snowden himself. The Washington Post got burned on one they wrote.
But in this case, it's hard to come up with an alternative explanation.
Another interesting goal: "Shape worldwide commercial cryptography marketplace
to make it more tractable to advanced cryptanalytic capabilities being
developed by NSA/CSS." Elsewhere, "enabling access" and "exploiting systems of
interest" and "inserting vulnerabilities". These are all side-channel attacks.
I see no other reference to "cryptanalysis", so I would take this statement at
face value: NSA has techniques for doing cryptanalysis on certain
algorithms/protocols out there, but not all, and they would like to steer
public cryptography into whatever areas they have attacks against. This makes
any NSA recommendation *extremely* suspect. As far as I can see, the bit push
NSA is making these days is toward ECC with some particular curves. Makes you
wonder. (I know for a fact that NSA has been interested in this area of
mathematics for a *very* long time: A mathematician I knew working in the area
of algebraic curves (of which elliptic curves are an example) was re
cruited by - and went to - NSA in about 1975. I heard indirectly from him
after he was at NSA, where he apparently joined an active community of people
with related interests. This is a decade before the first public suggestion
that elliptic curves might be useful in cryptography. (But maybe NSA was just
doing a public service, advancing the mathematics of algebraic curves.)
NSA has two separate roles: Protect American communications, and break into
the communications of adversaries. Just this one example shows that either (a)
the latter part of the mission has come to dominate the former; or (b) the
current definition of an adversary has become so broad as to include pretty
much everyone.
Now, the NSA will say: Only *we* can make use of these back doors. But given
the ease with which Snowden got access to so much information ... why should we
believe they can keep such secrets?
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
