[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] How a Crypto 'Backdoor' Pitted the Tech World Against the NSA
From: InfoSec News <alerts () infosecnews ! org>
Date: 2013-09-25 6:33:10
Message-ID: alpine.DEB.2.02.1309250632530.24273 () infosecnews ! org
[Download RAW message or body]
http://www.wired.com/threatlevel/2013/09/nsa-backdoor/
By Kim Zetter
Threat Level
Wired.com
09.24.13
In August 2007, a young programmer in Microsoft's Windows security group
stood up to give a five-minute turbo talk at the annual Crypto conference
in Santa Barbara.
It was a Tuesday evening, part of the conference's traditional rump
session, when a hodge-podge of short talks are presented outside of the
conference's main lineup. To draw attendees away from the wine and beer
that competed for their attention at that hour, presenters sometimes tried
to sex up their talks with provocative titles like "Does Bob Go to
Prison?" or "How to Steal Cars – A Practical Attack on KeeLoq" or "The
Only Rump Session Talk With Pamela Anderson."
Dan Shumow and his Microsoft colleague Niels Ferguson titled theirs,
provocatively, "On the Possibility of a Back Door in the NIST SP800-90
Dual Ec Prng." It was a title only a crypto geek would love or get.
The talk was only nine slides long (.pdf). But those nine slides were
potentially dynamite. They laid out a case showing that a new encryption
standard, given a stamp of approval by the U.S. government, possessed a
glaring weakness that made an algorithm in it susceptible to cracking. But
the weakness they described wasn't just an average vulnerability, it had
the kind of properties one would want if one were intentionally inserting
a backdoor to make the algorithm susceptible to cracking by design.
For such a dramatic presentation -- by mathematicians' standards -- the
reaction to it was surprisingly muted. "I think folks thought, 'Well
that's interesting,' and, ‘'ow, it looks like maybe there was a flaw in
the design,'" says a senior Microsoft manager who was at the talk. "But
there wasn't a huge reaction."
Six years later, that's all changed.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic