[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT: NSA: Do they or don't they?

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] OT: NSA: Do they or don't they?
From: Martijn Grooten <dcglug@xxxxxxxxxxxxxxxxxx>
Date: Fri, 6 Sep 2013 21:03:52 +0000 (UTC)
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1378501432; bh=kxTihOZ2FrwUK4dlNsLHrEnk+3paSdmlShKb/rnPK98=; h=Date:From:To:Subject:In-Reply-To:Message-ID:References: MIME-Version:Content-Type; b=KS4VROwij2ZdtDv+Z+sSwoQBloIzaSgNhDVt4jPFtP43Ht8LwqyhNsIdh3nMTt5S4 Otp7fCzQQzN7vyZf8AtZlGJMC+Raj5J8xZZ4/OfPaBRs3Lq4s0KZSO+U6x9BgBxhhh ZJPf3vUnmujOPUX3rNKedtemvPLSEXYO0ZMdooq0=

On Fri, 6 Sep 2013, bad apple wrote:

So, to summarise: completely breaking our current crypto algorithms
would be as spectacular as exceeding the speed of light or showing an
instance where entropy did not increase in a finite system over time. It
may well never happen. Incremental improvements in attack strategy,
algorithms and spotting implementation attacks are however a given.


We agree. :-)

The two reasons for my comments were:

1. the distinction between the maths and the implementations isn't alwaysclear. Many RSA implementations don't chose the prime numbers in a randomenough way. That's an implementation issue, but may not look like it. Iworry people confuse the two and think "well, I'm using 4096-bit RSA, whatcould possibly go wrong".

2. when crypto gets harder than RSA (elliptic curves and beyond) thechances of there being a flaw or vulnerability in the maths are bigger.The chance of there being something fundamentally wrong with the maths inECC is more or less zero, but ECC involves choosing a certain curve. Thereare classes of curves that lead to weaked-than-expected crypto that youshould thus avoid.

It possible that an entity knows other curves that are weak. Throughclever social engineering, the entity may even be able to nudge peopleinto using curves from this class for their ECC.

Reading comments from some experts, I don't think this is likely and Idon't think this is what happened - Schneier's and Snowden's commentsstrenghten me in this belief. But it is a possibility that is not to becompletely excluded.


Martijn.

(Disclaimer: I did maths at uni and the did some research into algebraicgeometry, which gave me some insight into how elliptic curves and ECCwork. "Some insight" is nowhere near enough for cryptography though and Ihaven't done any of this stuff for more than seven years.)


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] OT: NSA: Do they or don't they?
- From: Mark Evans

References:
- [LUG] OT: NSA: Do they or don't they?
  - From: Philip Hudson
- Re: [LUG] OT: NSA: Do they or don't they?
  - From: Martijn Grooten
- Re: [LUG] OT: NSA: Do they or don't they?
  - From: bad apple
- Re: [LUG] OT: NSA: Do they or don't they?
  - From: Martijn Grooten
- Re: [LUG] OT: NSA: Do they or don't they?
  - From: bad apple

Prev by Date: Re: [LUG] Separate Home Partition
Next by Date: [LUG] Lug meets
Previous by thread: Re: [LUG] OT: NSA: Do they or don't they?
Next by thread: Re: [LUG] OT: NSA: Do they or don't they?
Index(es):
- Date
- Thread