                Date: 1999-02-17
                 
                 
                Crypto, Backdoors, NSA: Bruce Schneier Tells the Story
                
                 
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- 
                 
                
We owe this unusual insight into the complex relationship
between private crypto shops and the National Security
Agency to Bruce Schneier, the justly world-famous cipher
maestro.

Particularly noteworthy [see below] is that the ultimate
power of darkness quite evidently much prefers cracking the
common 56-bit DES key to cracking a far weaker 40-bit code,
if the latter is of unknown origin.
-.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-   
 
Back Doors, Export, and the NSA 
Bruce Schneier 
 
Among cryptography product companies, "Have you had a  
meeting with Lew Giles?" is code for "Has the NSA asked  
you to secretly weaken your product?" Giles has been known  
to visit companies and request that they add back doors to  
their products so that the NSA could break the encryption. 
 
The deal went something like this: Giles offered you  
preferential treatment for export if you would add a back door.  
 The back door could be subtle enough that it wouldn't show  
up in the design, and only be obvious if someone analyzed  
the binary code.  It could be something that would easily be  
viewed as a mistake if someone learned about it.  Maybe you  
could weaken your random number generator, or leak a few  
key bits in a header. Anything that would let the NSA decrypt  
the ciphertext without it looking like the crypto was broken. 
 
In return you would be able to export your products.  But you  
and he would have to come up with some kind of cover story  
as to why you could export what was normally unexportable  
encryption, something that would allay any suspicion. 
 
Giles was supposedly very smooth.  He would try a variety of  
tactics to make you go along with this plan.  Sometimes he  
would meet with just the engineers -- no management -- to  
try and circumvent potential problems. 
 
I've heard this story from several cryptography companies,  
large and small. None of them were willing to talk on the  
record.  All were visited at least two years ago; most were  
visited by Giles.  None agreed to this bargain.  (Presumably  
those who did would be unwilling to admit even talking to the  
NSA.) And all of these stories are at least two years old; I  
have no idea if Giles is still employed by the NSA, if he is  
still doing this kind of thing, or in fact if anyone is still doing  
this kind of thing. 
 
None of this should be surprising. The NSA seems to have  
done whatever it could to add trap-doors into cryptography  
products.  They completely subverted the Swiss company  
CryptoAG, for example, and for at least half a century have  
been intercepting and decrypting the top-secret documents of  
most of the world's governments.  (The URL for this  
absolutely fascinating story is  
<http://www.caq.com/CAQ/caq63/caq63madsen.html>.) 
 
This kind of thing happens in Canada, too.  One name I've  
heard is Norm Weijer; a couple of years ago he visited  
several Canadian crypto companies. One person tells the  
story of submitting his product to Norm for export approval.   
The product used a number of different proprietary algorithms,  
all weakened to 40-bit.  The word came back, unofficially of  
course, that if he would get rid of the proprietary algorithms  
and replace them with 56-bit DES, they could get export  
approval.  Presumably using their existing DES crackers was  
easier than building unique crackers for this particular  
product. 
 
relayed by 
schneier@counterpane.com 
http://www.counterpane.com
                   
 
 
-.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-
    
                 
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- 
                
edited by Harkank 
published on: 1999-02-17 
comments to office@quintessenz.at
                   
                  