
List:       cryptography
Subject:    Re: [Cryptography] Juniper & Dual_EC_DRBG: Why Now?
From:       Henry Baker <hbaker1 () pipeline ! com>
Date:       2015-12-24 0:25:42
Message-ID: E1aBtj3-0008DJ-I0 () elasmtp-curtail ! atl ! sa ! earthlink ! net

At 08:05 AM 12/22/2015, Henry Baker wrote:
I'm seeing hands in cookie jars... Also,

> The louder he talked of his honor, the faster we counted our spoons...
> 
> 'The U.S. officials said they are certain U.S. spy agencies themselves aren't behind the back door'
> '... because of the sophistication involved'  ;-)
> 
> http://edition.cnn.com/2015/12/18/politics/juniper-networks-us-government-security-hack/index.html
>  
> Newly discovered hack has U.S. fearing foreign infiltration

OK, I've tried to read all the reports & blogs about this to get some sense of what's happening here.

The best question of all: "why NOW?"

This dog has been sleeping for years; what woke him up?

My best guess: politics.  Due to the looming possibility of Congress *requiring* back doors, someone at the NSA finally woke up & realized that backdoors for Comey & Vance would put the US more at risk than any possible advantage in intelligence.  Another OPM caused by such a backdoor would get someone high up in the NSA fired -- even if it needed to happen in private.

In fact, just recently, a number of retired intel folks have said as much, but Congress & the Chicken Little prez candidates haven't been listening.

(It also helps that the open crypto & security communities were fast closing in on this EC B.S.; make lemonade out of lemons by preemptively being the "good guy" here.)

So, whether NSA put the back door into Juniper or not, the NSA *knew about its existence* -- possibly by monitoring whoever else *did* know about it -- and so the NSA could easily cause this bug to get disclosed & hence fixed.

The NSA could always claim that it "just now found out about it", and was acting like the good guy by getting it fixed.  It never has to acknowledge that it may have been using this vuln itself for years.


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

