Re: If You Want to Protect A Security Secret, Make Sure It's Public

2004-03-17 Thread John Young 

Despite the long-lived argument that public review of crypto assures
its reliability, no national infosec agency -- in any country worldwide --
follows that practice for the most secure systems. NSA's support for 
AES notwithstanding, the agency does not disclose its military and
high level systems.

It is likely that these agencies are willing to go along with the notion
of public review to lull users into depending on the systems made
public. If any are breakable, the review will show that, and if the
agencies can break them they need not say squat, merely reap
the benefits of public ignorance and trust in seemingly unbreakable 
systems, as with Enigma, Crypto AG, and numerous other historical 
examples David Kahn describes.

Cryptome's FOI request for NSA documents on when and what it 
learned about public key (non-secret) crypto from the Brits is now 
3 1/2 years old. The agency has said it has relevants documents but 
has not yet released anything, though some $4,000 has been paid 
for the search. (Last response from NSA: May 23, 2003, a telephone
call from Pamela Philips, FOIA Chief, saying that the request was 
in the easy queue, number 45 from the top.)

Whit Diffie has said he got hints of PK, or something like it, at
NSA. It is not clear from his account whether information on
PK was deliberately leaked to him, with or without a restriction
of disclosure, or if the breakthrough was truly a phenomenal 
private effort of Diffie-Hellman-Merkle.

Consider that intelligence agencies are known to run years-
even decades-long deception operations, especially about
top secret infosec operations, with the goal of deceiving about 
the strength of infosec systems so that they will be sufficiently
trusted to be widely used. Again, Kahn cites numerous 
examples of such deceptions.

The reputation of witting and unwitting participants and institutions
are often used to gain trust in these breakable systems. The

weakness of vaunted systems is considered to be more valuable
than their strengths.

It is imaginable that if AES did not exist it would have to be invented
for such a purposed. As with PK, PGP and the notion that public 
review of crypto is the hen's teeth of assurance.

Until national infosec agencies reveal what they know it does not
seem prudent to to believe conventional wisdom no matter
how often repeated, especially how often repeated. 

A 100% safe crypto system is never to be believed, isn't that what 
always accompanies cryptographers' assurances for they
now better than anyone that snake oil is their No. 1 tool.

Snake oil = crypto, which accounts for why the charge is so often 
hurled. And why snake oil is used to camouflage what is occurring
beneath its contemptible obviousness.

Re: If You Want to Protect A Security Secret, Make Sure It's Public

2004-03-16 Thread Dave Howe 
Riad S. Wahby wrote:
 John Young [EMAIL PROTECTED] wrote:
 Despite the long-lived argument that public review of crypto assures
 its reliability, no national infosec agency -- in any country
 worldwide -- follows that practice for the most secure systems.
 NSA's support for
 AES notwithstanding, the agency does not disclose its military and
 high level systems.
 Nevertheless, given that the public has two options (disclosure or
 non-), it seems public review is as good as it gets.
  I also can't see an alternative; yes, we are giving military
organizations the crown jewels of our efforts for no cost (although at
least in theory they should pay for anything that is copyrighted or
patented :) but no large company can afford to spend a fraction of what
the NSA do every day on analysis - it is rely on the community or rely on
a handful of staff who may or may not be able to code their way out of a
paper bag (and if there is no community to give peer status to a
cryptographer, how can you tell good from bad when you hire one?)
  Almost always, closed source systems are either snakeoil, or based on
publically accepted algos with just a few extra valueless steps thrown in
so that they can claim it is different (VME for example can be very secure
indeed provided you combine it with something else - explicitly mentioned
as an option in the patent document - but the combined system is still
patented because their silly variant on a classic cypher is used at some
point)

Re: If You Want to Protect A Security Secret, Make Sure It's Public

2004-03-16 Thread Riad S. Wahby 

John Young [EMAIL PROTECTED] wrote:
 Despite the long-lived argument that public review of crypto assures
 its reliability, no national infosec agency -- in any country worldwide --
 follows that practice for the most secure systems. NSA's support for 
 AES notwithstanding, the agency does not disclose its military and
 high level systems.

Nevertheless, given that the public has two options (disclosure or
non-), it seems public review is as good as it gets.

You're right, of course---don't put 100% trust in anything---but I
think it's still reasonable to trust a publicly reviewed system more
than a closed one.

-- 
Riad Wahby
[EMAIL PROTECTED]
MIT VI-2 M.Eng

Re: If You Want to Protect A Security Secret, Make Sure It's Public

2004-03-14 Thread Justin 
R. A. Hettinga (2004-03-15 02:07Z) wrote:

 http://online.wsj.com/article_print/0,,SB107930573476054980,00.html
 
 If You Want to Protect
  A Security Secret,
  Make Sure It's Public

What is terrible article titles for $500, Alex?

-- 
That woman deserves her revenge... and... we deserve to die.
 -- Budd, Kill Bill