[1266] in cryptography@c2.net mail archive


Crypto Hearing Transcript

daemon@ATHENA.MIT.EDU (Rick Smith)
Mon Jul 28 17:11:46 1997

In-Reply-To: <1.5.4.32.19970726184454.0072d6f4@pop.pipeline.com>
Date: Mon, 28 Jul 1997 15:28:33 -0600
To: cryptography@c2.net
From: Rick Smith <smith@securecomputing.com>

I was particularly fascinated by some of the comments by William P.
Crowell, Deputy Director, National Security Agency, taken from page 18:

15    ------The Enigma Machine could not be broken by today's
17    computers.---------------------------------------

20    --------------------] If we didn't have the smart people, if
21    we didn't go out and capture a submarine as we did in World
22    War II, if we didn't co-opt people as we did in World War II,
23    and if they hadn't made mistakes as the Nazis did, we would
24    not have been able to sink 742 Nazi submarines in the battle
25    of the Atlantic.

Thus spoke the NSA's representative in sworn Congressional testimony.

This sounds like a clear statement that secret key encryption technology
has not really progressed beyond what was done 60 years ago. Neither the
NSA nor the GCHQ found a weakness in the algorithm embodied in Enigma (a
rotor machine) that dramatically reduced the key search space. The only way
that messages could be cracked was by reducing the likely key space using
knowledge about how the devices were used in practice. By implication, all
the work done on secret key algorithms since WWII has been limited to
dinking with data formats and efficiency improvements.

This might even suggest that the NSA's captive crypto technology offers no
significant benefits over commercially available crypto technology, except
perhaps Security Through Obscurity.

Back when I worked in AI I liked to apply the postulate "There is no magic"
when reviewing the claims of various researchers in the field. It's nice to
have the NSA confirm that the same is true for crypto algorithms.

Perhaps Crowell's testimony can even be turned on its head: history
suggests that cryptosystems are so subtle and complex that nobody can use
them on a large scale without leaving a few holes. So, if the FBI wants to
read the Cartel's e-mail, their chances of success are as good if they hack
their way into the e-mail servers as if they use the Cartel's escrowed
keys. This is consistent with my own observations of crypto use in the real
world and with everything I've read: people get sloppy with security when
they have real work to do.

To be fair, it's not really sloppiness, either. The products and operating
experience just aren't in place to reliably block all possible
vulnerabilities.  The book "Internet Cryptography" contains numerous lists
of requirements for proper crypto security: requirements applied to
technical features, to products incorporating those features, and to site
deployments using those products. But it's painfully obvious that no real
world site is going to be able to meet all the listed requirements. They'll
have to compromise in product choice because perfect products rarely make
it to market. Same with operating behavior, since security has to be
affordable and not too intrusive. By the time someone does manage to meet
every published requirement, the threat will have evolved beyond those
requirements. In the meantime, all you can do is provide the best
deterrent possible by implementing the highest priority requirements. And
that will no doubt leave a few holes.

Rick.
smith@securecomputing.com           Secure Computing Corporation
"Internet Cryptography" in bookstores soon http://www.visi.com/crypto/


