Hi all,
If you read the articles carefully, you'll note that at no point does the NSA appear to have actually broken the *cryptography* in use. It's hard to get concrete details from such vague writing and no access to the the original documents, but it sounds like they've mostly gotten a lot of backdoors in *systems* (not algorithms, though they may have tried that with Dual_EC_DRBG in NIST SP 800-90 in 2006 ... which lasted barely a year before public cryptographers flagged it). Basically, the summary of this new information appears to be best given by Paul Kocher, who noted that the NSA had pushed for a backdoor key escrow system with the Clipper Chip, was denied, "... and they went and did it anyway, without telling anyone." In this case, it wasn't a mandated key escrow backdoor, but through a combination of targeted interception and strong-arming companies like Google and Microsoft, they got enough. It's the same old story of crypto in the real world: Don't attack the algorithm; Attack the system. Better story here: http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger <pe...@piermont.com> wrote: > I would like to open the floor to *informed speculation* about > BULLRUN. > > Informed speculation means intelligent, technical ideas about what > has been done. It does not mean wild conspiracy theories and the > like. I will be instructing the moderators (yes, I have help these > days) to ruthlessly prune inappropriate material. > > At the same time, I will repeat that reasonably informed > technical speculation is appropriate, as is any solid information > available. > > > Perry > -- > Perry E. Metzger pe...@piermont.com > _______________________________________________ > The cryptography mailing list > cryptography@metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography > -- Lance James http://soundcloud.com/lancejames Office: 760-262-4141 l <lan...@securescience.net>an...@gmail.com
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography