On Thu, 05 Sep 2013 13:33:48 -0700 Eric Murray <er...@lne.com> wrote:
> The NYT article is pretty informative:
> (http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html)
> Also interesting:
> "Cryptographers have long suspected that the agency planted 
> vulnerabilities in a standard adopted in 2006 by the National
> Institute of Standards and Technology, the United States’
> encryption standards body, and later by the International
> Organization for Standardization, which has 163 countries as
> members.
> Classified N.S.A. memos appear to confirm that the fatal weakness, 
> discovered by two Microsoft cryptographers in 2007, was engineered
> by the agency. The N.S.A. wrote the standard and aggressively
> pushed it on the international group, privately calling the effort
> “a challenge in finesse.”
> “Eventually, N.S.A. became the sole editor,” the memo says."
> Anyone recognize the standard?

Please say it aloud. (I personally don't recognize the standard
offhand, but my memory is poor that way.)

BTW, I will now openly speculate if the deeply undeployable key
management protocols for IPSec that originated at the NSA were an
accident. I had enough involvement not to feel overly strongly that
this is what happened, but it does lead one to wonder strongly.

Perry E. Metzger                pe...@piermont.com
The cryptography mailing list

Reply via email to