[148153] in cryptography@c2.net mail archive
Re: [Cryptography] NIST should publish Suite A
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Nov 13 02:01:16 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 12 Nov 2013 18:56:58 -0800
To: Cryptography Mailing List <cryptography@metzdowd.com>
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <6F7F1FBD-EBC5-4D3A-A40E-D06EB16F2439@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
At 03:28 AM 11/12/2013, Jerry Leichter wrote:
>The NSA would have no reason to be concerned about Suite A being
>attackable *by NSA*.
Huh? Of course they would.
Half* the NSA's job is to crack communications, half of it's to protect them.
The people whose job is to protect codes have a responsibility to
their customers
to make sure that the code-crackers can't crack them,
not only because the customers might insist on it,
but because good operational security includes considering threat models like
"somebody in the NSA is a mole" or "somebody hired contractors as sysadmins",
and following appropriate least-privilege policies, two-person rules, etc.
Perhaps the crackers' business model also includes having some "Suite
A-Prime" gear
for people they want to attack while telling them it's Suite A gear,
but that's not really the same case at "no reason to be concerned."
(*Ok, sometimes "half" == 99%.)
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
