[146584] in cryptography@c2.net mail archive


Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

daemon@ATHENA.MIT.EDU (Eric Murray)
Thu Sep 5 16:42:55 2013

X-Original-To: cryptography@metzdowd.com
Date: Thu, 05 Sep 2013 13:33:48 -0700
From: Eric Murray <ericm@lne.com>
To: cryptography@metzdowd.com
In-Reply-To: <CAMm+LwjdhdXc2VabG2M+vP3A6CsgSU7b60u0jVDb0dmq6Siq_Q@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

The NYT article is pretty informative:
(http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html)

"Because strong encryption can be so effective, classified N.S.A.
documents make clear, the agency’s success depends on working with
Internet companies — by getting their voluntary collaboration, forcing
their cooperation with court orders or surreptitiously stealing their
encryption keys or altering their software or hardware."

"N.S.A. documents show that the agency maintains an internal database of
encryption keys for specific commercial products, called a Key
Provisioning Service, which can automatically decode many messages. If
the necessary key is not in the collection, a request goes to the
separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent
cryptographers say many are probably collected by hacking into
companies’ computer servers, where they are stored"

Also interesting:

"Cryptographers have long suspected that the agency planted
vulnerabilities in a standard adopted in 2006 by the National Institute
of Standards and Technology, the United States’ encryption standards
body, and later by the International Organization for Standardization,
which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness,
discovered by two Microsoft cryptographers in 2007, was engineered by
the agency. The N.S.A. wrote the standard and aggressively pushed it on
the international group, privately calling the effort “a challenge in
finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says."

Anyone recognize the standard?

Eric

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
