On Tue, Nov 15, 2005 at 06:31:30PM -0500, Perry E. Metzger wrote:
>
> "Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
> > Bruce Schneier's newsletter Cryptogram has the following fascinating
> > link: http://www.fas.org/irp/eprint/heath.pdf
> > It's the story of effects of a single spy who betrayed keys and
> > encryptor designs.
>
> Very interesting indeed. I was unaware that the military had such
> astonishingly bad key management practices. One wonders if things have
> actually improved.

Probably not. I'm an outsider listening in but what I can hear seems to say they are no better at key management. Or crypto gear which does not get in the way of fast reliable tactical communications.

> One thing one hopes has changed is that one hopes that it is no longer
> necessary for everyone to share the same keying material among so many
> different endpoints. Public key cryptography and key negotiation could
> (in theory) make it unnecessary to store shared secrets for long
> periods of time before use, where they are rendered vulnerable to
> espionage. One hopes that, over the last thirty years, this or
> something analogous has been implemented.

The term "broadcast" has a special meaning in the radio world. It is by definition one-way. Thus the "fleet broadcast" was sent to all the ships and each picked out its own messages. Key negotiation probably was never practical on those circuits.

The broadcast became available via satellite sometime in the sixties. It was 75 baud teletype. It is still there today.

> One intriguing question that I was left with after reading the whole
> thing was not mentioned in the document at all. One portion of the
> NSA's role is to break other people's codes. However, we also have to
> assume that equipment would fall into "the wrong people's hands" at
> intervals, as happened with the Pueblo incident. If properly designed,
> the compromise of such equipment won't reveal communications, but
> there is no way to prevent it from revealing methods, which could then
> be exploited by an opponent to secure their own communications.

I doubt the top-level equipment could fall into the wrong people's hands as it is probably not in the field. The tactical systems don't need to be as good since the information is not useful for very long.

With any luck, the EP-3 that landed in China did not give up as much info. The CD-ROMs for loading the computers become unreadable after a few seconds in the microwave oven.
:)

> Does the tension between securing one's own communications and
> breaking an opponent's communications sometimes drive the use of COMSEC
> gear that may be "too close to the edge" for comfort, for fear of
> revealing too much about more secure methods? If so, does the public
> revelation of Suite B mean that the NSA has decided it prefers to keep
> communications secure to breaking opposition communications?

There is probably some level where this is considered but there is little indication the military is not about as far behind the real world as they have always been.

We also can hope the intel function has shifted from breaking diplomatic and military communications to sifting out the gems from the pebbles in the landslide of general telecomm.

And there is the problem of brainpower. The military and NSA probably have less now than during real wars. Note that by current standards, Alan Turing could not get a US security clearance.

LRK