[liberationtech] NYTimes and Guardian on NSA
Michael Rogers
michael at briarproject.org
Fri Sep 6 15:10:08 PDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/09/13 19:25, Maxim Kammerer wrote:
> I don't see any evidence of said shift in priorities. NSA
> supported escrowed encryption in the 90's, and the alleged
> subversion of standards is most likely similar to escrowed
> encryption, but at the algorithmic level [1], where an adversary
> gaining access to key escrow requires computational / cryptanalysis
> effort that's equivalent to breaking the cryptosystem in question.
>
> [1] https://en.wikipedia.org/wiki/Dual_EC_DRBG
Depends on what you mean by breaking the cryptosystem. Cracking all
instances of the Dual EC DRBG takes equivalent effort to cracking a
single instance of a backdoor-free elliptic curve cryptosystem.
http://rump2007.cr.yp.to/15-shumow.pdf
So the analogy with key escrow is a bit strained. With key escrow, the
adversary has to crack every key individually, whereas with a backdoor
the adversary only has to crack a single key to compromise all users.
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJSKlLAAAoJEBEET9GfxSfMr9cH/10ZDmMVU+izR62V3KgcKHOT
dJ+HwF0gkJ0FxeBd2xVA47XHbU3Shnni23XdJhS9l7YPlQdSGt07nu3O1srYALYg
a4vt/OCbkREov9F92OpAEsmkTFw0b2eE4+AwTjU5cJ6KnZ2zm7Fr312Z4m5D4SKQ
h2YNNzXimFCQ4GtTZvelqd7gYfpY7P6TFZWVz5uPqLAaX444Fo8ZsH6u6F4vlJMa
/gxDPjXS+5yPHHeYvsHjiiRBBcBYM4SfkmM2emuuOVOdmQOWmD4zRdHjXR82kYca
ZXpZnzXcfqZ5uma5n4tYXuexs+hjt88KCZQ5uBxwE8JMCxn0uyszsWHuazzrf6k=
=SzwW
-----END PGP SIGNATURE-----
More information about the liberationtech
mailing list