On Sep 7, 2013, at 6:30 PM, "James A. Donald" wrote:
> On 2013-09-08 4:36 AM, Ray Dillinger wrote:
>>
>> But are the standard ECC curves really secure? Schneier sounds like he's got
>> some innovative math in his next paper if he thinks he can show that they
>> aren't.
>
> Schneier cannot sho
On 2013-09-08 4:36 AM, Ray Dillinger wrote:
But are the standard ECC curves really secure? Schneier sounds like he's got
some innovative math in his next paper if he thinks he can show that they
aren't.
Schneier cannot show that they are trapdoored, because he does not know
where the magic
At 12:09 PM 9/7/2013, Chris Palmer wrote:
On Sat, Sep 7, 2013 at 1:33 AM, Brian Gladman wrote:
>> Why would they perform the attack only for encryption software? They
>> could compromise people's laptops by spiking any popular app.
>
> Because NSA and GCHQ are much more interested in attacking
On 09/07/2013 07:32 PM, Brian Gladman wrote:
> I don't have experience of how the FBI operates so my comments were
> directed specifically at NSA/GCHQ interests. I am doubtful that very
> large organisations change their direction of travel very quickly so I
> see the huge investments being made in
On 07/09/2013 20:58, Gregory Perry wrote:
> On 09/07/2013 02:46 PM, Brian Gladman wrote:
>> Because NSA and GCHQ are much more interested in attacking communications
>> in transit rather than attacking endpoints.
>>
>> Endpoint attacks cost more to undertake, only give access to a limited
>> amount
On Sat, Sep 7, 2013 at 1:33 AM, Brian Gladman wrote:
>> Why would they perform the attack only for encryption software? They
>> could compromise people's laptops by spiking any popular app.
>
> Because NSA and GCHQ are much more interested in attacking communications
> in transit rather than attac
On 09/07/2013 02:46 PM, Brian Gladman wrote:
> Because NSA and GCHQ are much more interested in attacking communications
> in transit rather than attacking endpoints.
>
> Endpoint attacks cost more to undertake, only give access to a limited
> amount of data and involve much greater risks that their
>On 09/07/2013 02:53 PM, Ray Dillinger wrote:
>
>Is he referring to the "standard" set of ECC curves in use? Is it possible
>to select ECC curves specifically so that there's a backdoor in cryptography
>based on those curves?
>
>I know that hardly anybody using ECC bothers to find their own curve;
On Sep 7, 2013, at 2:36 PM, Ray Dillinger wrote:
>
> Schneier states of discrete logs over ECC: "I no longer trust the constants.
> I believe the NSA has manipulated them through their relationships with
> industry."
>
> Is he referring to the "standard" set of ECC curves in use? Is it possib
On 09/06/2013 01:25 PM, Jerry Leichter wrote:
A response he wrote as part of a discussion at
http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html:
Q: "Could the NSA be intercepting downloads of open-source encryption software and
silently replacing these with their own versions?"
On 07/09/2013 01:48, Chris Palmer wrote:
>> Q: "Could the NSA be intercepting downloads of open-source encryption
>> software and silently replacing these with their own versions?"
>
> Why would they perform the attack only for encryption software? They
> could compromise people's laptops by spik
On 09/06/2013 08:48 PM, Chris Palmer wrote:
> Why would they perform the attack only for encryption software?
> They could compromise people's laptops by spiking any popular app.
What is more important to them: A single system, or all of the comms
go
> Q: "Could the NSA be intercepting downloads of open-source encryption
> software and silently replacing these with their own versions?"
Why would they perform the attack only for encryption software? They
could compromise people's laptops by spiking any popular app.
That they have the capacity doesn't mean they ever actually did it,
Schneier's comment is conservative. It is obviously within their (legal)
capacity to change anything going across US and INTNET cables and to forge
some families of signatures.
2013/9/6 Eugen Leitl
> On Fri, Sep 06, 2013
On 6 September 2013 16:25, Jerry Leichter wrote:
> Q: "Could the NSA be intercepting downloads of open-source encryption
> software and silently replacing these with their own versions?"
>
http://c2.com/cgi/wiki?TheKenThompsonHack
(and many other references)
A response he wrote as part of a discussion at
http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html:
Q: "Could the NSA be intercepting downloads of open-source encryption software
and silently replacing these with their own versions?"
A: (Schneier) Yes, I believe so.
On Fri, Sep 06, 2013 at 04:25:12PM -0400, Jerry Leichter wrote:
> A response he wrote as part of a discussion at
> http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html:
>
> Q: "Could the NSA be intercepting downloads of open-source encryption
> software and silently replacing these
17 matches