I don't have any hard information or even any speculation about BULLRUN, but I have an observation and a question:
Traditionally it has been very hard to exploit a break without giving away the fact that you've broken in. So there are two fairly impressive parts to the recent reports: (a) Breaking some modern, widely-used crypto, and (b) not getting caught for a rather long time. To say the same thing the other way, I was always amazed that the Nazis were unable to figure out that their crypto was broken during WWII. There were experiments they could have done, such as sending out a few U-boats under strict radio silence and comparing their longevity to others. So my question is: What would we have to do to produce /tamper-evident/ data security? As a preliminary outline of the sort of thing I'm talking about, you could send an encrypted message that says "The people at 1313 Mockingbird Lane have an enormous kiddie porn studio in their basement." and then watch closely. See how long it takes until they get raided. Obviously I'm leaving out a lot of details here, but I hope the idea is clear: It's a type of honeypot, adapted to detecting whether the crypto is broken. Shouldn't something like this be part of the ongoing validation of any data security system? Also ..... on 09/05/2013 04:35 PM, Perry E. Metzger wrote: > A d20 has a bit more than 4 bits of entropy. I can get 256 bits with > 64 die rolls, or, if I have eight dice, 16 rolls of the group. You can get a lot more entropy than that from your sound card, a lot more conveniently. http://www.av8n.com/turbid/ > If I mistype when entering the info, no harm is caused. I'm not so sure about that. Typos are not random, and history proves that seemingly minor mistakes can be exploited. > The generator can > be easily tested for correct behavior if it is simply a block cipher. I wouldn't have said that. As Dykstra was fond of saying: Testing can show the presence of bugs; testing can never show the absence of bugs. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography