On 06/28/2013 04:00 PM, John Gilmore wrote:

> Let's try some speculation about what this phrase,
> "fabricating digital keys", might mean.

Here's one hypothesis to consider.
 a) The so-called "digital key" was not any sort of decryption key.
 b) The files were available on the NSA machines in the clear.
 c) The files were protected only by something like the Unix file
  protection mechanism ... or the SELinux Mandatory Access Controls.
 d) The "digital key" might have been not much more than a userID
  and password, plus maybe a dongle, allowing him to log in as a 
  shadow member of some group that was supposed to have access to 
  the files.


Crypto is great for protecting stuff while it is being transmitted
or being stored offline ... but when the stuff is in active use, 
the temptation is to make a cleartext working copy.  Then anybody
who can attach a thumb drive and can get past the access controls
can grab whatever he wants.

It is against NSA policy to attach a thumb drive.  I betcha some
folks really want to know how he did that without getting caught.

The cryptography mailing list
