I think that fabricating a key here is more likely to mean fabricating an authentication 'key' rather than an encryption key. Alexander is talking to Congress and is deliberately being less than precise.
So I would think in terms of application level vulnerabilities in Web-based document servers.

One of the things that I have thought weak in our current approach to use of crypto is the way that we divide up access control into authentication and authorization. So basically if Bradley had a possible need to see a file then he has an authorization letting him see it. Using access control alone encourages permissions to be given out promiscuously.

The Snowden situation sounds like something slightly different. Alexander says he was not authorized but he was able to get access.

The common way that happens on the Web is that Alice has account number 1234 and authenticates herself to the server and gets back a URI ending something like ?acct=1234&.... To get access to Bob's account she simply changes that to ?acct=1235&...

It should not work, but it works very often in the real world.

Having worked with contractors I have seen people hired out as 'programmers' at $1500 per day whose only coding experience was hacking Delphi databases. No C, C++, Java or C#. Not even a scripting language.

So it would not shock me to find out that their document security comes undone in the same way that it does in commercial systems.

Heads should be rolling on this one. But they won't.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
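The account-number substitution described in the message above, shown as an added example that is not part of the original post: one handler that only authenticates the caller, beside one that also checks the requested record against the authenticated identity. The account table, session tokens, URI and function names are all hypothetical and constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data (not from the post): account records with an owner,
# and a session table mapping a token to the user it authenticated.
ACCOUNTS = {
    "1234": {"owner": "alice", "balance": 100},
    "1235": {"owner": "bob", "balance": 250},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


class Forbidden(Exception):
    """Raised when the caller is unauthenticated or lacks rights to the object."""


def acct_from_uri(uri):
    # Require exactly one acct value so a duplicated parameter cannot be
    # read differently by different layers.
    values = parse_qs(urlparse(uri).query).get("acct", [])
    if len(values) != 1:
        raise ValueError("expected exactly one acct parameter")
    return values[0]


def get_account_vulnerable(session_token, uri):
    # Authentication only: any logged-in user gets whichever record the URI names.
    if session_token not in SESSIONS:
        raise Forbidden("not authenticated")
    return ACCOUNTS[acct_from_uri(uri)]


def get_account_checked(session_token, uri):
    # Authorization per object: the record must belong to the session's user.
    user = SESSIONS.get(session_token)
    if user is None:
        raise Forbidden("not authenticated")
    record = ACCOUNTS.get(acct_from_uri(uri))
    # Same error for "no such account" and "not yours", so responses do not
    # reveal which account numbers exist.
    if record is None or record["owner"] != user:
        raise Forbidden("not authorized for this account")
    return record
```
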