At 12:09 PM 9/7/2013, Chris Palmer wrote:
On Sat, Sep 7, 2013 at 1:33 AM, Brian Gladman wrote:

>> Why would they perform the attack only for encryption software? They
>> could compromise people's laptops by spiking any popular app.
> Because NSA and GCHQ are much more interested in attacking communications
> in transit rather than attacking endpoints.

So they spike a popular download (security-related apps are less
likely to be popular) with a tiny malware add-on that scans every file
that it can read to see if it's an encryption key, cookie, password

More to the point, spike a popular download with remote-execution malware,
and download spiked patches for important binaries,
so the not-a-collection-target's browser uses known keys
(the opposite of the "fortify" patch that made 40-bit Mozilla do 128-bit),
and the disk encryption software broadcasts its keys or stashes them in plaintext

The cryptography mailing list
