I don't have any hard information or even any speculation about
BULLRUN, but I have an observation and a question:

Traditionally it has been very hard to exploit a break without 
giving away the fact that you've broken in.  So there are two 
fairly impressive parts to the recent reports:  (a) Breaking 
some modern, widely-used crypto, and (b) not getting caught 
for a rather long time.

To say the same thing the other way, I was always amazed that the
Nazis were unable to figure out that their crypto was broken during 
WWII.  There were experiments they could have done, such as sending
out a few U-boats under strict radio silence and comparing their 
longevity to others.

So my question is:  What would we have to do to produce /tamper-evident/
data security?

As a preliminary outline of the sort of thing I'm talking about, you
could send an encrypted message that says 
  "The people at 1313 Mockingbird Lane have an 
   enormous kiddie porn studio in their basement."
and then watch closely.  See how long it takes until they get raided.

Obviously I'm leaving out a lot of details here, but I hope the idea
is clear:  It's a type of honeypot, adapted to detecting whether the
crypto is broken.

Shouldn't something like this be part of the ongoing validation of 
any data security system?

Also ..... on 09/05/2013 04:35 PM, Perry E. Metzger wrote:

> A d20 has a bit more than 4 bits of entropy. I can get 256 bits with
> 64 die rolls, or, if I have eight dice, 16 rolls of the group.

You can get a lot more entropy than that from your sound card, a
lot more conveniently.

>  If I mistype when entering the info, no harm is caused.

I'm not so sure about that.  Typos are not random, and history proves 
that seemingly minor mistakes can be exploited.

> The generator can
> be easily tested for correct behavior if it is simply a block cipher.

I wouldn't have said that.

As Dijkstra was fond of saying:
   Testing can show the presence of bugs;
   testing can never show the absence of bugs.

The cryptography mailing list
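The exchange above about getting 256 bits out of d20 rolls is worth making concrete. The following is an added example, not code from the thread or from either poster; it assumes a fair twenty-sided die (the `SIDES` constant), and the function names (`entropy_bits`, `rolls_needed`, `seed_from_rolls`, `nibble_bias`) and the `SAMPLE_ROLLS` list are constructed for illustration. It goes slightly beyond the thread in two ways: it shows why a d20 cannot be mapped to 4 bits by simply taking the roll mod 16 (the low values come out twice as often), and it rejects out-of-range rolls, which is the mistyped-entry case the reply worries about.

```python
import hashlib
import math
from collections import Counter

SIDES = 20  # assumption: a fair d20 giving values 1..20
BITS_PER_ROLL = math.log2(SIDES)  # ~4.32, "a bit more than 4 bits"


def entropy_bits(n_rolls, sides=SIDES):
    """Joint entropy, in bits, of n independent fair rolls of a sides-sided die."""
    return n_rolls * math.log2(sides)


def rolls_needed(target_bits, sides=SIDES):
    """Smallest number of rolls whose joint entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(sides))


def seed_from_rolls(rolls, target_bits=256, sides=SIDES):
    """Condense a list of die rolls into a target_bits-bit seed.

    The rolls are read as base-`sides` digits, so every distinct roll
    sequence maps to a distinct integer; that integer is then hashed so
    that surplus entropy is folded in rather than discarded.  Raises
    ValueError if a roll is outside 1..sides (a typo) or if the rolls
    carry less entropy than requested.
    """
    if any(not (1 <= r <= sides) for r in rolls):
        raise ValueError("roll outside 1..%d: mistyped entry?" % sides)
    have = entropy_bits(len(rolls), sides)
    if have < target_bits:
        raise ValueError("only %.1f bits of entropy, need %d" % (have, target_bits))
    value = 0
    for r in rolls:
        value = value * sides + (r - 1)
    nbytes = (value.bit_length() + 7) // 8 or 1
    # SHAKE-256 lets us ask for exactly target_bits/8 bytes of output.
    return hashlib.shake_256(value.to_bytes(nbytes, "big")).digest(target_bits // 8)


def nibble_bias(sides=SIDES):
    """Frequency of each 4-bit value if one naively uses (roll - 1) mod 16.

    Over the 20 equally likely faces, values 0..3 occur twice and 4..15
    once, so the 'hex digit per roll' shortcut is biased.
    """
    return Counter((r - 1) % 16 for r in range(1, sides + 1))


# Constructed sample, NOT real dice output: a fixed pattern used only so the
# example runs offline.  Real use requires physically rolled dice.
SAMPLE_ROLLS = [(i * 7) % SIDES + 1 for i in range(64)]

if __name__ == "__main__":
    print("bits per d20 roll: %.3f" % BITS_PER_ROLL)
    print("rolls needed for 256 bits: %d" % rolls_needed(256))
    print("entropy in 64 rolls: %.1f bits" % entropy_bits(64))
    print("seed from sample rolls:", seed_from_rolls(SAMPLE_ROLLS).hex())
    print("mod-16 value frequencies:", dict(sorted(nibble_bias().items())))
```

Sixty rolls already clear 256 bits (59 fall just short, at about 255 bits), so the 64 quoted above leave a margin of roughly 20 bits; hashing, rather than truncating the base-20 integer, is what keeps that margin from turning into a skewed top byte.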