[7177] in cryptography@c2.net mail archive
Re: NSA back doors in encryption products
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Wed May 24 21:36:29 2000
Message-ID: <02b701bfc5e7$99232dc0$16006598@asiainter.net>
Reply-To: "Enzo Michelangeli" <enzom@bigfoot.com>
From: "Enzo Michelangeli" <em@who.net>
To: "Eugene Leitl" <eugene.leitl@lrz.uni-muenchen.de>,
"Rick Smith" <rick_smith@securecomputing.com>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>,
"John Gilmore" <gnu@toad.com>, <cryptography@c2.net>, <gnu@cygnus.com>
Date: Thu, 25 May 2000 09:21:14 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
And why should we trust hardware implementations, which are even more opaque
to analysis than binary-only software?
Enzo
----- Original Message -----
From: "Eugene Leitl" <eugene.leitl@lrz.uni-muenchen.de>
To: "Rick Smith" <rick_smith@securecomputing.com>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>; "John Gilmore"
<gnu@toad.com>; <cryptography@c2.net>; <gnu@cygnus.com>
Sent: Thursday, May 25, 2000 7:41
Subject: Re: NSA back doors in encryption products
> Rick Smith writes:
>
> > 3) A more sophisticated backdoor in Windows would involve a lot of
people
> > who can't be covered by government secrecy agreements. It would be
> > extremely difficult to keep such a thing both functioning and secret
for
> > more than a few years.
>
> The canonical way to install an essentially undetectable trapdoor is
> to use multiple remotely exploitable buffer overruns. In absence of
> source code, this is essentially impossible to detect, unless
> triggered by chance (which can be made arbitrarily improbable by
> design, e.g. by cooperation of a mailer with an OS) and deliberate
> introduction of such can always claim plausible
> deniability. Cryptography on a box running keyboard capture is pretty
> useless, of course.
>
> If NSA/MS are not doing it, they must be pretty stupid, because I'd do
> it in their place. The prudent assumption is hence: your online system
> can't be completely trusted, whether OpenSource, or not. Encryption
> should be done in hardware.
>
