Monday, May 16, 2022

NSA: "No known problems" in Quantum Computing resistant ciphers

Story.  Bruce Schneier (a crypto heavy-hitter) says he believes them. 

I'm not so sure.  Long term readers will remember how the NSA subverted commercial grade encryption.  I wrote about it at some length here and here and here.  Each of these were pretty damning:

  1. These were all independent attempts to undermine commercial crypto.  In other words, NSA has tried at least three times to break crypto so that they can ready whatever they want, whenever they want.
  2. Each of these attempts is very well documented.  NSA's fingers were found in the cookie jar, without question.
  3. NSA's public statements need to be very carefully parsed.  I was at the Black Hat security conference and listened to NSA Director Alexander assure everyone that NSA analysts didn't just go joy riding through the data bases of stuff they collect from you and me; it was only hours later that the disclosure came out that, well, yeah they do.
So is this crypto on the up and up from NSA?  I don't know.  I'm sure not a crypto mathematician but their track record on trustworthiness leaves me wondering if they know something that we don't - a something that is classified so that they're technically truthful when they say there are no "known" (err, and unclassified) weaknesses.

Man, I'm so old that I remember when the NSA crypto nerds were the good guys ...

6 comments:

  1. This is more damning of "quantum computing" than anything else.

    Quantum computing is analog computing. It could be done more cheaply with hydraulics and a true random number generator.

    ReplyDelete
  2. Let's see who owns or sponsored all the "Super Computers" in America?

    3 letter agencies, military folks. Your tax dollars at work.

    The tiny amount I know about cryptology is computer power matters. Any encryption developed on a computer can be decrypted by enough computer power.

    So, does your encryption matter? Maybe if the folks trying to read it do not have access to enough computer power, like maybe your ex-wife or such.

    Maybe not if your "Interesting Enough" or data linked to someone who is very interesting. Like being on a targets cell phone number list?

    Otherwise, if it's electronic communications or AROUND electronics (LOOKING at You Alexi, Siri, most modern cars, computers, laptops, tablets, smart watches, cellphones (even off, cough) assume it's not a private discussion.

    Also think about the Weak Link issue, you might be careful in your chatter but is those listening to you have issues with OPSEC, anger issues, drug, Debt or alcohol issues, family members that have ah, liberal viewpoints?

    You might be careful about doing F2F with no electronics nearby (and just how far can your sophisticated cell phone THOUGHT Turned Off but..can listen in) but when your buddy passes that information on is he and his receiver doing in the F2F safety protocol?

    Just last weekend I was at a diner and noticed that Alexi could respond in a noisy diner to her "Name" and change radio channels from across a busy room. That implies ONE Alexia is ALWAYS Listening TWO her ability to decipher from a room full of noise and chatter is pretty freaking GOOD.

    Only in the "Free World" we buy our own electronic surveillance.

    ReplyDelete
  3. NSA: "We're from the government. Trust us!"

    Literally everyone else in the world: Pull the other one. It's got bells on it.

    ReplyDelete
  4. Well I know the NSA paid to have the heartbleed bug placed in the network software. What else does anyone need to know.

    ReplyDelete
  5. It's not the way to bet, is it?

    ReplyDelete
  6. Trust but verify comes to mind, except there is no way to 'verify'... sigh...

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.