Thursday, September 21, 2017

NSA experts invented a component for encryption and...

       NSA experts invented a component for encryption called Dual Elliptic Curve and got it adopted as a global standard....In 2007, mathematicians in private industry showed that Dual EC could hide a backdoor, theoretically enabling the NSA to eavesdrop without detection... ISO (Intl. Standards Org.) and other standards groups subsequently retracted their endorsements of Dual EC. The NSA declined to discuss it.  https://www.cnbc.com/2017/09/21/distrustful-us-allies-force-nsa-to-back-down-in-encryption-row.html
.................................................................................................................................
-Dan Shumow

09-24-2013 At Crypto Conference 2006, Santa Barbara, Dan Shumow and his Microsoft colleague Niels Ferguson titled their brief presentation, provocatively, “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng.”  It was a title only a crypto-geek would love or get.
The talk was only nine slides long (.pdf).  But those nine slides were potentially dynamite.  They laid out a case showing that a new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made an algorithm in it susceptible to cracking.  But the weakness they described wasn't just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.
For such a dramatic presentation – by mathematicians' standards – the reaction to it was surprisingly muted.  “I think folks thought, 'Well that’s interesting,' and, 'Wow, it looks like maybe there was a flaw in the design,'” says a senior Microsoft manager who was at the talk.  “But there wasn’t a huge reaction.”
Six years later, that's all changed.  Early this month the New York Times drew a connection between their talk and memos leaked by Edward Snowden, classified Top Secret, that apparently confirm that the weakness in the standard and so-called Dual_EC_DRBG algorithm was indeed a backdoor.  The Times story implies that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.
"If [NSA] spent $250 million weakening the standard and this is the best that they could do, then we have nothing to fear from them," says Jon Callas, the CTO of Silent Circle, whose company offers encrypted phone communication.  "Because this was really ham-fisted.  When you put on your conspiratorial hat about what the NSA would be doing you would expect something more devious, Machiavellian..., and this thing is just laughably bad.  This is Boris and Natasha sort of stuff." ...
But Paul Kocher, president and chief scientist of Cryptography Research, says "In my entire career in cryptography, I've never seen a vulnerability like this."     https://www.wired.com/2013/09/nsa-backdoor/
