'[ISN] How a Crypto 'Backdoor' Pitted the Tech World Against the NSA'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] How a Crypto 'Backdoor' Pitted the Tech World Against the NSA
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-09-25 6:33:10
Message-ID: alpine.DEB.2.02.1309250632530.24273 () infosecnews ! org
[Download RAW message or body]

http://www.wired.com/threatlevel/2013/09/nsa-backdoor/

By Kim Zetter
Threat Level
Wired.com
09.24.13

In August 2007, a young programmer in Microsoft's Windows security group 
stood up to give a five-minute turbo talk at the annual Crypto conference 
in Santa Barbara.

It was a Tuesday evening, part of the conference's traditional rump 
session, when a hodge-podge of short talks are presented outside of the 
conference's main lineup. To draw attendees away from the wine and beer 
that competed for their attention at that hour, presenters sometimes tried 
to sex up their talks with provocative titles like "Does Bob Go to 
Prison?" or "How to Steal Cars – A Practical Attack on KeeLoq" or "The 
Only Rump Session Talk With Pamela Anderson."

Dan Shumow and his Microsoft colleague Niels Ferguson titled theirs, 
provocatively, "On the Possibility of a Back Door in the NIST SP800-90 
Dual Ec Prng." It was a title only a crypto geek would love or get.

The talk was only nine slides long (.pdf). But those nine slides were 
potentially dynamite. They laid out a case showing that a new encryption 
standard, given a stamp of approval by the U.S. government, possessed a 
glaring weakness that made an algorithm in it susceptible to cracking. But 
the weakness they described wasn't just an average vulnerability, it had 
the kind of properties one would want if one were intentionally inserting 
a backdoor to make the algorithm susceptible to cracking by design.

For such a dramatic presentation -- by mathematicians' standards -- the 
reaction to it was surprisingly muted. "I think folks thought, 'Well 
that's interesting,' and, ‘'ow, it looks like maybe there was a flaw in 
the design,'" says a senior Microsoft manager who was at the talk. "But 
there wasn't a huge reaction."

Six years later, that's all changed.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic