Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] NYTimes and Guardian on NSA

Michael Rogers michael at briarproject.org
Fri Sep 6 15:10:08 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/09/13 19:25, Maxim Kammerer wrote:
> I don't see any evidence of said shift in priorities. NSA
> supported escrowed encryption in the 90's, and the alleged
> subversion of standards is most likely similar to escrowed
> encryption, but at the algorithmic level [1], where an adversary
> gaining access to key escrow requires computational / cryptanalysis
> effort that's equivalent to breaking the cryptosystem in question.
> 
> [1] https://en.wikipedia.org/wiki/Dual_EC_DRBG

Depends on what you mean by breaking the cryptosystem. Cracking all
instances of the Dual EC DRBG takes equivalent effort to cracking a
single instance of a backdoor-free elliptic curve cryptosystem.

http://rump2007.cr.yp.to/15-shumow.pdf

So the analogy with key escrow is a bit strained. With key escrow, the
adversary has to crack every key individually, whereas with a backdoor
the adversary only has to crack a single key to compromise all users.

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSKlLAAAoJEBEET9GfxSfMr9cH/10ZDmMVU+izR62V3KgcKHOT
dJ+HwF0gkJ0FxeBd2xVA47XHbU3Shnni23XdJhS9l7YPlQdSGt07nu3O1srYALYg
a4vt/OCbkREov9F92OpAEsmkTFw0b2eE4+AwTjU5cJ6KnZ2zm7Fr312Z4m5D4SKQ
h2YNNzXimFCQ4GtTZvelqd7gYfpY7P6TFZWVz5uPqLAaX444Fo8ZsH6u6F4vlJMa
/gxDPjXS+5yPHHeYvsHjiiRBBcBYM4SfkmM2emuuOVOdmQOWmD4zRdHjXR82kYca
ZXpZnzXcfqZ5uma5n4tYXuexs+hjt88KCZQ5uBxwE8JMCxn0uyszsWHuazzrf6k=
=SzwW
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list