D&C GLug - Home Page


Re: [LUG] OT: NSA: Do they or don't they?

On 06/09/13 22:03, Martijn Grooten wrote:
> On Fri, 6 Sep 2013, bad apple wrote:
>> So, to summarise: completely breaking our current crypto
>> algorithms would be as spectacular as exceeding the speed of
>> light or showing an instance where entropy did not increase in a
>> finite system over time. It may well never happen. Incremental
>> improvements in attack strategy, algorithms and spotting
>> implementation attacks are however a given.
> 
> We agree. :-)
> 
> The two reasons for my comments were:
> 
> 1. the distinction between the maths and the implementations isn't 
> always clear. Many RSA implementations don't chose the prime
> numbers in a random enough way. That's an implementation issue, but
> may not look like it. I worry people confuse the two and think
> "well, I'm using 4096-bit RSA, what could possibly go wrong".
> 
> 2. when crypto gets harder than RSA (elliptic curves and beyond)
> the chances of there being a flaw or vulnerability in the maths are
> bigger. The chance of there being something fundamentally wrong
> with the maths in ECC is more or less zero, but ECC involves
> choosing a certain curve. There are classes of curves that lead to
> weaker-than-expected crypto that you should thus avoid.

The more complex the maths the greater the risk of subtle bugs meaning
that the algorithm isn't exactly what it should be. Even if the source
code can be verified there is still the possibility of compiler bugs
and optimisations affecting the resultant object code.

> It's possible that an entity knows other curves that are weak.
> Through clever social engineering, the entity may even be able to
> nudge people into using curves from this class for their ECC.

I suspect that the NSA doesn't need to use clever or subtle "social
engineering". Having the financial and military resources of the USA
available means they don't need to be. Especially with any
organisation within the US.

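As an added illustration (not from the thread or its posters) of Martijn's point about RSA implementations that choose their primes with too little randomness: a constructed toy model in which a device draws its first prime from an RNG that has only ever seen a handful of boot-time seeds, alongside the fleet-wide audit defenders run against exactly this failure, the pairwise-gcd check of public moduli known from the 2012 "Mining your Ps and Qs" study by Heninger et al. The seed pool, key sizes and function names are assumptions of this example.

```python
import math
import random

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test, sufficient for this demo."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    """Draw odd `bits`-bit candidates from `rng` until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_key(boot_seed, bits=256):
    """Constructed model of the failure: p comes from an RNG seeded with one of
    only a few possible boot-time values, q from a properly seeded one."""
    p = random_prime(bits, random.Random(boot_seed))  # weakly seeded
    q = random_prime(bits, random.Random())           # freshly seeded
    return p * q

def find_shared_factors(moduli):
    """Fleet audit: a non-trivial gcd between two public moduli exposes a
    shared prime, which factors both keys. Returns {index: factor}."""
    found = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = math.gcd(moduli[i], moduli[j])
            if 1 < g < moduli[i]:  # identical moduli are a separate finding
                found.setdefault(i, g)
                found.setdefault(j, g)
    return found
```

Running find_shared_factors over [generate_key(s) for s in (1, 2, 1, 3)] flags keys 0 and 2, whose first prime came from the same seed, while the 4096-bit-style key size does nothing to help. The same gcd audit applies unchanged to a real fleet's exported public keys.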

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq