Date: 1999-02-17
Crypto, Backdoors, NSA: Bruce Schneier tells the story
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
We owe this insight of a special kind into the complex
relations between private crypto shops and the
National Security Agency to the, with good reason,
world-famous cipher virtuoso Bruce Schneier.
Particularly remarkable [see below] is that the
ultimate power of darkness quite evidently much prefers to crack
the common 56-bit DES key rather than a far weaker
40-bit code, provided the latter is of unknown origin.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
Back Doors, Export, and the NSA
Bruce Schneier
Among cryptography product companies, "Have you had a
meeting with Lew Giles?" is code for "Has the NSA asked
you to secretly weaken your product?" Giles has been known
to visit companies and request that they add back doors to
their products so that the NSA could break the encryption.
The deal went something like this: Giles offered you
preferential treatment for export if you would add a back door.
The back door could be subtle enough that it wouldn't show
up in the design, and only be obvious if someone analyzed
the binary code. It could be something that would easily be
viewed as a mistake if someone learned about it. Maybe you
could weaken your random number generator, or leak a few
key bits in a header. Anything that would let the NSA decrypt
the ciphertext without it looking like the crypto was broken.
In return you would be able to export your products. But you
and he would have to come up with some kind of cover story
as to why you could export what was normally unexportable
encryption, something that would allay any suspicion.
Giles was supposedly very smooth. He would try a variety of
tactics to make you go along with this plan. Sometimes he
would meet with just the engineers -- no management -- to
try and circumvent potential problems.
I've heard this story from several cryptography companies,
large and small. None of them were willing to talk on the
record. All were visited at least two years ago; most were
visited by Giles. None agreed to this bargain. (Presumably
those who did would be unwilling to admit even talking to the
NSA.) And all of these stories are at least two years old; I
have no idea if Giles is still employed by the NSA, if he is
still doing this kind of thing, or in fact if anyone is still doing
this kind of thing.
None of this should be surprising. The NSA seems to have
done whatever it could to add trap-doors into cryptography
products. They completely subverted the Swiss company
CryptoAG, for example, and for at least half a century have
been intercepting and decrypting the top-secret documents of
most of the world's governments. (The URL for this
absolutely fascinating story is
<http://www.caq.com/CAQ/caq63/caq63madsen.html>.)
This kind of thing happens in Canada, too. One name I've
heard is Norm Weijer; a couple of years ago he visited
several Canadian crypto companies. One person tells the
story of submitting his product to Norm for export approval.
The product used a number of different proprietary algorithms,
all weakened to 40-bit. The word came back, unofficially of
course, that if he would get rid of the proprietary algorithms
and replace them with 56-bit DES, they could get export
approval. Presumably using their existing DES crackers was
easier than building unique crackers for this particular
product.
relayed by
schneier@counterpane.com
http://www.counterpane.com
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by Harkank
published on: 1999-02-17
comments to office@quintessenz.at
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-