From: Justin Mason (jm at domain jmason.org)
Date: Mon 17 Sep 2001 - 02:44:25 IST
Ronan Cunniffe said:
> > The British and the French thought the same thing about enigma, til the
> > Poles found two massive weaknesses in it...and didn't tell the people
> > using the tech (the germans) that it was insecure.
>
> It *wasn't* insecure. They were using it incorrectly (according to
> Singh's book). Things like encoding the message key twice at the
> beginning of the message, allowing the operator to choose the message key,
> occasionally sending a message in an older or weaker code because the
> recipient didn't have the latest codebooks, 'cribs' (guessed plaintext,
> e.g. "Heil Hitler"[1]), etc.
But that's partly the point -- a good algorithm can be made breakable by
insecure uses of it, for example when an attacker can make assumptions
about what data is being transmitted; this allows a known-plaintext attack
(cribs), etc.
A few of those and an attacker can greatly reduce the time needed to break
a given message. Singh's book provides great examples.
Typically when you use crypto, you're not using just the algorithms --
you're using a tool which *uses* the algos itself internally. Then the
security of the system depends on the system as a whole, and weaknesses
in the traffic sent or weaknesses in the surrounding code (user interface,
access to disk/memory, possible bugs in the code) can make or break the
whole system *regardless* of how secure the algorithm is.
> > It's quite possible that 1024bit ssh keys have already been
> broken.
>
> I doubt it. Instead of accepting some venduh's proclamation that the
> scheme is unbreakable (as happened with Enigma), people are calmly and
> systematically trying to a) break the SSH algorithm, b) find ways of
> extracting data without needing to break it, c) break a given
> *implementation* of SSH, d) find weak keys in SSH, e)....
>
> There's no guarantees in crypto, but as the public crypto effort gets
> close to the military crypto in scale, the chance of the NSA or GCHQ or
> whoever being *way* out in front drops.
The openness of the SSH system is definitely allowing a lot of
cryptanalysis and general security analysis of the protocol and tools,
which is certainly increasing its security. It's a great demo of how
openness about crypto *increases* its security, alright.
BTW, just to weigh in, I would not underestimate the NSA's cryptanalysis
capabilities. Apparently, they're having difficulties keeping up with the
massive volume of traffic they intercept nowadays, but they certainly do
(or used to) hire a massive volume of mathematicians, so there's no doubt
they expend massive man-hours working on cryptanalysis of various
algorithms.
Also I seem to recall reading in the early 90's about a guided tour the
NSA used to have around one of their facilities, featuring a prototype
optical computer; so they were looking into keeping ahead of the field in
those days at least... (can't find any refs online now though.)
In passing -- apparently Perl was written by Larry Wall for the NSA [1]:
Prehistory: In 1986, Larry Wall was working as a systems administrator for
a subsidiary of Burroughs. He was also working on a "secret project for
the NSA" which was to synchronize and report on data between computer
systems in Santa Monica, CA, and Paoli, PA. Nothing existed at the time to
do this very complex task, so Larry had to 'hack' something new together.
He called the resulting scripting language Perl -- the Practical
Extraction and Reporting Language.
[1]: http://www.theoretic.com/bazaar/oal.html
Thanks NSA ;)
--j.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:12:09 GMT