On Thu, 05 Sep 2013 13:33:48 -0700 Eric Murray <er...@lne.com> wrote: > The NYT article is pretty informative: > (http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html) [...] > Also interesting: > > "Cryptographers have long suspected that the agency planted > vulnerabilities in a standard adopted in 2006 by the National > Institute of Standards and Technology, the United States’ > encryption standards body, and later by the International > Organization for Standardization, which has 163 countries as > members. > > Classified N.S.A. memos appear to confirm that the fatal weakness, > discovered by two Microsoft cryptographers in 2007, was engineered > by the agency. The N.S.A. wrote the standard and aggressively > pushed it on the international group, privately calling the effort > “a challenge in finesse.” > > “Eventually, N.S.A. became the sole editor,” the memo says." > > Anyone recognize the standard?
Please say it aloud. (I personally don't recognize the standard offhand, but my memory is poor that way.) BTW, I will now openly speculate if the deeply undeployable key management protocols for IPSec that originated at the NSA were an accident. I had enough involvement not to feel overly strongly that this is what happened, but it does lead one to wonder strongly. Perry -- Perry E. Metzger pe...@piermont.com _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography