[148802] in cryptography@c2.net mail archive


Re: [Cryptography] What do we know? (Was 'We cannot trust' ...)

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sat Dec 28 12:49:38 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52B945C4.5030505@echeque.com>
Date: Sat, 28 Dec 2013 12:39:11 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "James A. Donald" <jamesd@echeque.com>
Cc: Jerry Leichter <leichter@lrw.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Tue, Dec 24, 2013 at 3:28 AM, James A. Donald <jamesd@echeque.com> wrote:

> On Dec 23, 2013, at 5:00 AM, "James A. Donald" <jamesd@echeque.com> wrote:
>
>> But what RSA did was provide backdoored BSAFE to everyone, not just one
>> government agency.
>
> On 2013-12-24 02:13, Jerry Leichter wrote:
>
>> Well ... yes, that's the way commercial software works.  Everyone buys
>> the same thing.
>
> Not when you are selling to government agencies.  If they want a
> customized product, you produce a fork or a SKU for that government agency
> and charge them extra.



Except that the main customer base for BSafe these days is government
suppliers and what most of us assumed the point of the contract to be was
making a FIPS certified Suite B implementation available to government
suppliers.

It was a social engineering attack and they got pwned. I don't think it is
appropriate to allege collusion or malice to RSA or EMC.


What is rather telling is that the NSA is apparently subverting US
government crypto and nobody seems to be asking if the motivation was not
to spy on other parts of USG and if so to what end.

From 1953 through the Nixon era, the business of the NSA and CIA was
toppling inconvenient governments. The military command is full of Fox News
watching Tea Party types. There are a lot of US politicians who openly
mouth treason and there are military officers who refer to those comments
'in jest'.

I don't think their coup attempt will amount to anything more than the
recent Spanish farce but they are certainly talking themselves up to
something of the sort and they will probably get a lot of people killed in
the process.


-- 
Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
