[149144] in cryptography@c2.net mail archive
Re: [Cryptography] RSA is dead.
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Mon Jan 20 14:48:17 2014
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <004F14E9-47B0-488B-BC32-2628EE36F8C0@gmail.com>
Date: Mon, 20 Jan 2014 14:39:03 -0500
To: John Kelsey <crypto.jmk@gmail.com>
Cc: cryptography moderated list <cryptography@metzdowd.com>,
William Allen Simpson <william.allen.simpson@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============4772507757736985988==
Content-Type: multipart/signed; boundary="Apple-Mail=_6E6F1F02-060E-4FA4-9B5A-DA82AC5EAFF5"; protocol="application/pkcs7-signature"; micalg=sha1
--Apple-Mail=_6E6F1F02-060E-4FA4-9B5A-DA82AC5EAFF5
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
On Jan 20, 2014, at 12:49 PM, John Kelsey <crypto.jmk@gmail.com> wrote:
> Perhaps this is the result of living in a government bubble for =
awhile, but I certainly saw and heard a lot of the bigger community who =
thought NSA's involvement in domestic crypto standards and companies was =
intended to improve security. That's why NSA people were and are openly =
members of a bunch of standards committees, why people invited NSA guys =
to give talks and take part in competitions, why people were using stuff =
like SE Linux. People have been using DSA, the NIST curves, SHA1, and =
SHA2 for many years, believing them secure--because the assumption was =
that NSA wasn't putting backdoored stuff out there. =20
Absolutely. And it's not just a matter of living inside the government =
bubble.
NSA has had a surprisingly good reputation pretty much until Snodownia. =
Before their involvement with DES, no one really knew anything about =
them - but every interaction I've ever heard of with NSA people left the =
impression that they were extremely bright and extremely competent. (A =
friend who, many years ago interviewed with both CIA and NSA, thought =
the interviewers for the former were a bunch of bumbling idiots, while =
he was very impressed with the latter. He never took a government job, =
however.)
NSA managed to appear not to be much involved in the old crypto wars. =
Sure, everyone knew that they were the ones who wanted to be able to =
keep decrypting stuff, but they managed to come across as mere =
implementers of policies set elsewhere. Their involvement with DES =
looked bad for a while - why *those* S boxes? Why 56 bits? - but then =
differential cryptanalysis was re-discovered in public and it turned out =
that NSA had actually specified S-boxes as strong against it as possible =
- and that the real strength really was around 56 bits. NSA came out as =
being ahead of the rest of the world, and using their lead to strengthen =
publicly available crypto.
This is one reason I find all the whining about the NSA/RSA business a =
bit of revisionist history. You can't look at what RSA did in the light =
of what we know today. You have to look at it based on what was known =
or reasonably strongly suspected at the time. Certainly at the time =
DUAL EC DRBG was added to the NIST standards, and RSA added it to BSAFE, =
NSA was accepted in the role of "helper". The demonstration that it =
*could* have a trap door didn't show it *did* have a trap door - and =
after all NSA was fulfilling its role of helping to improve the security =
of American communications, no? (Well, that *was and is* one of its =
legally-defined roles, and that was the one we all saw, repeatedly, in =
public.)
> That's part of the collateral damage of the dual ec drbg trapdoor. =
They had spent 10-15 years trying to build a good relationship with the =
crypto and computer security community, and when this came out, they =
lost that relationship. Researchers will still take their money, =
government agencies required by law to work with them will continue to =
do so, but the default assumption won't be "they're on our side" =
anymore. The ultimate cost of that will be many times higher than =
however much was budgeted for the project that got the dual ec drbg into =
the world. =20
Absolutely. Whoever thought this was a good idea should have been shown =
the door a *long* time ago. It took incredible arrogance to think this =
kind of thing could be kept secret - and in fact the suspicions were =
raised a long time ago. It was only an aggressive "good cop" campaign - =
and a great deal of luck, e.g., the long history of suspicion that NSA =
had planted back doors in the DES S-boxes that we now know was nonsense, =
thus making claims that they planted back doors elsewhere seem like =
tinfoil-hat stuff - that let it last as long as it did.
In the end, one wonders just how much they actually gained anyway. What =
significant NSA targets ever used BSAFE and DUAL EC DRBG? I'd guess =
relatively few. Terrorist organizations use home-brew or open source =
stuff - they don't spend money on crypto libraries. (If NSA had managed =
to subvert the Linux RNG, they'd have had something.) The larger =
governments have their own crypto organizations. Maybe this helped them =
with some smaller governments and some (likely mainly American) large =
corporations. Hardly seems worth in light of what they've now lost.
-- Jerry
--Apple-Mail=_6E6F1F02-060E-4FA4-9B5A-DA82AC5EAFF5
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIO5DCCBJ0w
ggOFoAMCAQICEDQ96SusJzT/j8s0lPvMcFQwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0
d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA5MTBa
Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNh
bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0
dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0
aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmF
pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJk
xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2q
L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7bUMSAs
vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMe
oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4H0MIHxMB8GA1UdIwQYMBaAFK29mHo0tCb3
+sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAIMAYGBFUdIAAwRAYDVR0fBD0wOzA5oDegNYYz
aHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDUGCCsG
AQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG
9w0BAQUFAAOCAQEAAbyc42MosPMxAcLfe91ioAGdIzEPnJJzU1HqH0z61p/Eyi9nfngzD3QWuZGH
kfWKJvpkcADYHvkLBGJQh5OB1Nr1I9s0u4VWtHA0bniDNx6FHMURFZJfhxe9rGr98cLRzIlfsXzw
PlHyNfN87GCYazor4O/fs32G67Ub9VvsonyYE9cAULnRLXPeA3h04QWFMV7LmrmdlMa5lDd1ctxE
+2fo8PolHlKn2iXpR+CgxzygTrEKNvt3SJ/vl4r7tP7jlBSog7xcLT/SYHFg7sJxggzpiDbj2iC0
o6BsqpZLuICOdcpJB/Y7FLrf3AXZn9vgsuZNoHgm5+ctbn9fxh6IFTCCBRowggQCoAMCAQICEG0Z
6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJV
VDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29y
azEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZp
cnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwwHhcNMTEwNDI4MDAwMDAwWhcNMjAw
NTMwMTA0ODM4WjCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENP
TU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJKEhFtLV5jUXi+LpOFAyKNTWF9mZfEyTvefMn1V0HhMVbdC
lOD5J3EHxcZppLkyxPFAGpDMJ1Zifxe1cWmu5SAb5MtjXmDKokH2auGj/7jfH0htZUOMKi4rYzh3
37EXrMLaggLW1DJq1GdvIBOPXDX65VSAr9hxCh03CgJQU2yVHakQFLSZlVkSMf8JotJM3FLb3uJA
AVtIaN3FSrTg7SQfOq9xXwfjrL8UO7AlcWg99A/WF1hGFYE8aIuLgw9teiFX5jSw2zJ+40rhpVJy
ZCaRTqWSD//gsWD9Gm9oUZljjRqLpcxCm5t9ImPTqaD8zp6Q30QZ9FxbNboW86eb/8ECAwEAAaOC
AUswggFHMB8GA1UdIwQYMBaAFImCZ33EnSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBR6E04AdFvG
eGNkJ8Ev4qBbvHnFezAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADARBgNVHSAE
CjAIMAYGBFUdIAAwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VU
Ti1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmRFbWFpbC5jcmwwdAYIKwYBBQUHAQEE
aDBmMD0GCCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVROQWRkVHJ1c3RDbGll
bnRfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3
DQEBBQUAA4IBAQCF1r54V1VtM39EUv5C1QaoAQOAivsNsv1Kv/avQUn1G1rF0q0bc24+6SZ85kyY
wTAo38v7QjyhJT4KddbQPTmGZtGhm7VNm2+vKGwdr+XqdFqo2rHA8XV6L566k3nK/uKRHlZ0sviN
0+BDchvtj/1gOSBH+4uvOmVIPJg9pSW/ve9g4EnlFsjrP0OD8ODuDcHTzTNfm9C9YGqzO/761Mk6
PB/tm/+bSTO+Qik5g+4zaS6CnUVNqGnagBsePdIaXXxHmaWbCG0SmYbWXVcHG6cwvktJRLiQfsrR
eTjrtDP6oDpdJlieYVUYtCHVmdXgQ0BCML7qpeeU0rD+83X5f27nMIIFITCCBAmgAwIBAgIQbDkx
1BIhYvJPPyuqUq3TXjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExp
bWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBF
bWFpbCBDQTAeFw0xMzEyMTIwMDAwMDBaFw0xNDEyMTIyMzU5NTlaMCExHzAdBgkqhkiG9w0BCQEW
EGxlaWNodGVyQGxydy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcxkWWIpx9
1jeZsY58KmdNT9YcnXrfzFTzt0FGBkQ+kHKX1CqirfmGXSK2dGGZG1pkcnQYC/xYjWV/EuKM+34v
mvrmqpYqP6ZcvTE5xEHhcjSQTVGtFRH/ysswm6ckEIhlQ+szhGMkE9DGiMN+ExoDdGXW0vkjIxvm
YlZtI4ohw0plXB5jBz+JXR+uWovnvRrYVNujXV8P1f4oGHEiqS++ThsDkdrwgUAuVt3Vd+AR2b9u
4p7BBg2ifK+nnpB9Qvp8nJu4byIs86J07k5NVjprMUrZ4zpA1GuVIavFwntDIVueGRpi4jwtr/OE
NQOOfJ+n8hp2rs0LfrRWH+dRQW5jAgMBAAGjggHgMIIB3DAfBgNVHSMEGDAWgBR6E04AdFvGeGNk
J8Ev4qBbvHnFezAdBgNVHQ4EFgQUGC6zwEozq6+Xt9SC3MUWhApg0oUwDgYDVR0PAQH/BAQDAgWg
MAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUCMBEGCWCGSAGG
+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEBATArMCkGCCsGAQUFBwIBFh1odHRw
czovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzBXBgNVHR8EUDBOMEygSqBIhkZodHRwOi8vY3JsLmNv
bW9kb2NhLmNvbS9DT01PRE9DbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3Js
MIGIBggrBgEFBQcBAQR8MHowUgYIKwYBBQUHMAKGRmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NP
TU9ET0NsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcnQwJAYIKwYBBQUHMAGG
GGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAbBgNVHREEFDASgRBsZWljaHRlckBscncuY29tMA0G
CSqGSIb3DQEBBQUAA4IBAQBDmBD7c/0z1sApyjMF3WMva4b2Kid9frR+p1+BhKtTOYXQ1NOYF5bb
Qm/c0mEQ0JGaNA64x2ujfjnfwaKt9BPa4FP2Ffvvod5uu8pasxuOR07iODBx8b78vqXOS4fUsdE+
Ial+ALtsAQcjdh8TRWN+myFcSf0qQH/7k3IODp2eVy4i4mHEDvHwMoUWaIsUACOoHgpxbqHqDyXg
c7uey1TH1F+CjcSzyycEP8dAzxuh7npov0IWFniY/y6Qm/ZSeTPU6CpzH29t/IZiJUfzgfzYQnR1
DED4ZMBQ8BjAZdpdqz7F00Vudwsojrj7qqreBVN1D7MAjpoevnq0r5qjomM0MYIDqzCCA6cCAQEw
gagwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xp
ZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEGw5MdQSIWLyTz8rqlKt014w
CQYFKw4DAhoFAKCCAdcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MTQwMTIwMTkzOTA2WjAjBgkqhkiG9w0BCQQxFgQUXaWaSNA1qJXr9Nya/CjVRbC2xZwwgbkGCSsG
AQQBgjcQBDGBqzCBqDCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMT
MENPTU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIQbDkx1BIh
YvJPPyuqUq3TXjCBuwYLKoZIhvcNAQkQAgsxgauggagwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQI
ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD
QSBMaW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1
cmUgRW1haWwgQ0ECEGw5MdQSIWLyTz8rqlKt014wDQYJKoZIhvcNAQEBBQAEggEAm4heBsoqd1wk
KKU+Am1iAIRYBJVec6T5pnLP/IsGBLx/MrWRtBjBIGBCxYharqPypcn4hbiHEKKqRgCEJ6O3l2AE
IeFOhOu3jnR/JGTCox5xZUX++PSjUCbcpMQg5LYn5o26/uDyGNT1NRu9PsYsZdkCU6Y/CHTDY9Kg
L6VLz0zamw9DDqikPVh4V6VRe57fKI6pIBFRKmP66sgNkUuml1lEe71gj9miFjX6jiT1hACQn3zi
tBIA/+mBHbLxX+xn03xi4EtadsXoNn2r8CTHAodcCqCqpiGLS7k+u6PsciBSO2gC+TwT0UwzY2zw
wGAAEVmt1ZzzhEvkfxfwJAyS8gAAAAAAAA==
--Apple-Mail=_6E6F1F02-060E-4FA4-9B5A-DA82AC5EAFF5--
--===============4772507757736985988==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============4772507757736985988==--
