[146581] in cryptography@c2.net mail archive
Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Sep 5 16:27:24 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130905155804.03b6eedd@jabberwock.cb.piermont.com>
Date: Thu, 5 Sep 2013 16:11:57 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============0143233509797279120==
Content-Type: multipart/alternative; boundary=001a1133f3d0b1a03204e5a8883f
--001a1133f3d0b1a03204e5a8883f
Content-Type: text/plain; charset=ISO-8859-1
OK how about this:
If a person at Snowden's level in the NSA had any access to information
that indicated the existence of any program which involved the successful
cryptanalysis of any cipher regarded as 'strong' by this community then the
Director of National Intelligence, the Director of the NSA and everyone
involved in those decisions should be fired immediately and lose their
pensions.
What was important in Ultra was the fact that the Germans never discovered
they were being intercepted and decrypted. They would have strengthened
their cipher immediately if they had known it was broken.
So either the NSA has committed an unpardonable act of carelessness (beyond
the stupidity of giving 50,000 people like Snowden access to information
that should not have been shared beyond 500) or the program involves lower
strength ciphers that we would not recommend the use of but are still there
in the cipher suites.
I keep telling people that you do not make a system more secure by adding
the choice of a stronger cipher into the application. You make the system
more secure by REMOVING the choice of the weak ciphers.
I would bet that there is more than enough DES traffic to be worth attack
and probably quite a bit on IDEA as well. There is probably even some 40
and 64 bit crypto in use.
Before we assume that the NSA is robbing banks by using an invisibility
cloak lets consider the likelihood that they are beating up old ladies and
taking their handbags.
On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Metzger <perry@piermont.com> wrote:
> I would like to open the floor to *informed speculation* about
> BULLRUN.
>
> Informed speculation means intelligent, technical ideas about what
> has been done. It does not mean wild conspiracy theories and the
> like. I will be instructing the moderators (yes, I have help these
> days) to ruthlessly prune inappropriate material.
>
> At the same time, I will repeat that reasonably informed
> technical speculation is appropriate, as is any solid information
> available.
>
>
> Perry
> --
> Perry E. Metzger perry@piermont.com
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
--
Website: http://hallambaker.com/
--001a1133f3d0b1a03204e5a8883f
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">OK how about this:<div><br></div><div>If a person at Snowd=
en's level in the NSA had any access to information that indicated the =
existence of any program which involved the successful cryptanalysis of any=
cipher regarded as 'strong' by this community then the Director of=
National Intelligence, the Director of the NSA and everyone involved in th=
ose decisions should be fired immediately and lose their pensions.</div>
<div><br></div><div>What was important in Ultra was the fact that the Germa=
ns never discovered they were being intercepted and decrypted. They would h=
ave strengthened their cipher immediately if they had known it was broken.=
=A0<br>
</div><div><br></div><div><br></div><div>So either the NSA has committed an=
unpardonable act of carelessness (beyond the stupidity of giving 50,000 pe=
ople like Snowden access to information that should not have been shared be=
yond 500) or the program involves lower strength ciphers that we would not =
recommend the use of but are still there in the cipher suites.</div>
<div><br></div><div>I keep telling people that you do not make a system mor=
e secure by adding the choice of a stronger cipher into the application. Yo=
u make the system more secure by REMOVING the choice of the weak ciphers.</=
div>
<div><br></div><div>I would bet that there is more than enough DES traffic =
to be worth attack and probably quite a bit on IDEA as well. There is proba=
bly even some 40 and 64 bit crypto in use.</div><div><br></div><div><br>
</div><div>Before we assume that the NSA is robbing banks by using an invis=
ibility cloak lets consider the likelihood that they are beating up old lad=
ies and taking their handbags.</div></div><div class=3D"gmail_extra"><br>
<br><div class=3D"gmail_quote">On Thu, Sep 5, 2013 at 3:58 PM, Perry E. Met=
zger <span dir=3D"ltr"><<a href=3D"mailto:perry@piermont.com" target=3D"=
_blank">perry@piermont.com</a>></span> wrote:<br><blockquote class=3D"gm=
ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
ft:1ex">
I would like to open the floor to *informed speculation* about<br>
BULLRUN.<br>
<br>
Informed speculation means intelligent, technical ideas about what<br>
has been done. It does not mean wild conspiracy theories and the<br>
like. I will be instructing the moderators (yes, I have help these<br>
days) to ruthlessly prune inappropriate material.<br>
<br>
At the same time, I will repeat that reasonably informed<br>
technical speculation is appropriate, as is any solid information<br>
available.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
<br>
Perry<br>
--<br>
Perry E. Metzger =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0<a href=3D"mailto:perry@pie=
rmont.com">perry@piermont.com</a><br>
_______________________________________________<br>
The cryptography mailing list<br>
<a href=3D"mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><=
br>
<a href=3D"http://www.metzdowd.com/mailman/listinfo/cryptography" target=3D=
"_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br>
</font></span></blockquote></div><br><br clear=3D"all"><div><br></div>-- <b=
r>Website: <a href=3D"http://hallambaker.com/">http://hallambaker.com/</a><=
br>
</div>
--001a1133f3d0b1a03204e5a8883f--
--===============0143233509797279120==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============0143233509797279120==--
