On 06/28/2013 09:36 PM, Udhay Shankar N wrote:
On Sat, Jun 29, 2013 at 4:30 AM, John Gilmore<g...@toad.com>  wrote:

[John here.  Let's try some speculation about what this phrase,
"fabricating digital keys", might mean.]

Perhaps something conceptually similar to PGP's Additional Decryption
Key [1]? If the infrastructure is in place for this, perhaps one might
be able to generate a key on demand, with the appropriate access

I read it to mean that the NSA is using some sort of defeatable
cryptography in its own communications with contractors, presumably
to enable internal snooping for purposes of monitoring contractors.
If a contractor then discovers this system, and manages to cryptanalyze
it (or somehow obtain a copy of the snooping software, though that's
not strictly necessary to cryptanalysis) to figure out the corresponding
method of how the snoopers from the NSA generate keys out of thin
air for it, then he might use that method himself to get access to
all the material that other contractors on that system are working

It would be a ridiculously stupid methodology for the NSA to manage
its security affairs this way, but if "fabricated keys" isn't a flat
out lie, then it's the only thing I can think of that makes sense.
And if it is a flat out lie, then lying to congress is fairly serious.
'Tho it wouldn't be the first time that's happened, either.

The cryptography mailing list

Reply via email to