[148904] in cryptography@c2.net mail archive
Re: [Cryptography] nuclear arming codes
daemon@ATHENA.MIT.EDU (demonfighter6 .)
Fri Jan 3 12:49:17 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <BBB6DFC6-F532-4D23-A6C6-AE74AFAC1C3A@lrw.com>
Date: Fri, 3 Jan 2014 12:17:14 -0500
From: "demonfighter6 ." <demonfighter@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
Cc: Jerry Leichter <leichter@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============3842861153368962561==
Content-Type: multipart/alternative; boundary=f46d0438957fd13b5804ef14143d
--f46d0438957fd13b5804ef14143d
Content-Type: text/plain; charset=ISO-8859-1
On Fri, Jan 3, 2014 at 8:50 AM, Jerry Leichter <leichter@lrw.com> wrote:
> Meanwhile, a forward-looking question: Given what we know today
> - about cryptography in general, and NSA's infiltration of pretty much
> anything having to *do* with cryptographic implementations in
> particular - would it be possible to have an agreement such as the
> old test-ban treaty whose verification relies on cryptography?
> The 1980's ideas about public key looked naive even prior to
> Snodownia, but at least one could argue that it was *possible* to
> get the required level of assurance for both parties. Is that even
> conceivable today?
That's a psychological or political question, not a technical one. I
wouldn't count on the politicians making and signing the agreements to
understand anything beyond the Caesar cypher. They'll go with advice from
on-tap experts who may or have been compromised or who may not be
sufficiently paranoid. Techno naysayers who say things the pols don't want
to hear will be dismissed as unrealistically paranoid. Bottom line, I
wouldn't be at all surprised to find an agreement being put into place,
with the assurance mechanism being revealed to be broken shortly after it's
implemented or (worse) being revealed years later to have been broken
before implementation.
On a related topic, security people are by nature paranoid, but there are
degrees of professional paranoia. Recent leaks show that only the most
paranoid of the crypto security people were anywhere near correct regarding
penetration of corporations and algorithms and privately-owned hardware.
Bummer, that.
--
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
--f46d0438957fd13b5804ef14143d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On F=
ri, Jan 3, 2014 at 8:50 AM, Jerry Leichter <span dir=3D"ltr"><<a href=3D=
"mailto:leichter@lrw.com" target=3D"_blank">leichter@lrw.com</a>></span>=
wrote:</div>
<div class=3D"gmail_quote">=A0</div><div class=3D"gmail_quote">> Meanwhi=
le, a forward-looking question: =A0Given what we know today</div><div class=
=3D"gmail_quote">>=A0- about cryptography in general, and NSA's infi=
ltration of pretty much</div>
<div class=3D"gmail_quote">>=A0anything having to *do* with cryptographi=
c implementations in</div><div class=3D"gmail_quote">>=A0particular - wo=
uld it be possible to have an agreement such as the</div><div class=3D"gmai=
l_quote">
>=A0old test-ban treaty whose verification relies on cryptography?</div>=
<div class=3D"gmail_quote">>=A0The 1980's ideas about public key loo=
ked naive even prior to</div><div class=3D"gmail_quote">>=A0Snodownia, b=
ut at least one could argue that it was *possible* to</div>
<div class=3D"gmail_quote">>=A0get the required level of assurance for b=
oth parties. =A0Is that even</div><div class=3D"gmail_quote">>=A0conceiv=
able today?<br>
</div><div class=3D"gmail_quote">That's a psychological or political qu=
estion, not a technical one. I wouldn't count on the politicians making=
and signing the agreements to understand anything beyond the Caesar cypher=
. They'll go with advice from on-tap experts who may or have been compr=
omised or who may not be sufficiently paranoid. Techno naysayers who say th=
ings the pols don't want to hear=A0will be dismissed as unrealistically=
paranoid. Bottom line, I wouldn't be at all surprised to find an agree=
ment being put into place, with the assurance mechanism being revealed to b=
e broken shortly after it's implemented or (worse) being revealed years=
later to have been broken before implementation.</div>
<div class=3D"gmail_quote">=A0</div><div class=3D"gmail_quote">On a related=
topic, security people are by nature paranoid, but there are degrees of pr=
ofessional paranoia. Recent leaks show that only the most paranoid of the c=
rypto security people were anywhere near correct regarding penetration of c=
orporations and algorithms and privately-owned hardware. Bummer, that.</div=
>
<div class=3D"gmail_quote">=A0</div><div class=3D"gmail_quote">-- <br>Neca =
eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209<br>
</div></div></div>
--f46d0438957fd13b5804ef14143d--
--===============3842861153368962561==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============3842861153368962561==--
