[Infowarrior] - How To Sabotage Encryption Software (And Not Get Caught)

Richard Forno rforno at infowarrior.org
Fri Feb 27 12:16:28 CST 2015


How To Sabotage Encryption Software (And Not Get Caught)
• By Andy Greenberg  
• 02.27.15

In the field of cryptography, a secretly planted “backdoor” that allows eavesdropping on communications is usually a subject of paranoia and dread. But that doesn’t mean cryptographers don’t appreciate the art of skilled cyphersabotage. Now one group of crypto experts has published an appraisal of different methods of weakening crypto systems, and the lesson is that some backdoors are clearly better than others—in stealth, deniability, and even in protecting the victims’ privacy from spies other than the backdoor’s creator.

In a paper titled “Surreptitiously Weakening Cryptographic Systems,” well-known cryptographer and author Bruce Schneier and researchers from the Universities of Wisconsin and Washington take the spy’s view to the problem of crypto design: What kind of built-in backdoor surveillance works best?

Their paper analyzes and rates examples of both intentional and seemingly unintentional flaws built into crypto systems over the last two decades. Their results seem to imply, however grudgingly, that the NSA’s most recent known method of sabotaging encryption may be the best option, both in effective, stealthy surveillance and in preventing collateral damage to the Internet’s security.

“This is a guide to creating better backdoors. But the reason you go through that exercise is so that you can create better backdoor protections,” says Schneier, the author of the recent book Data and Goliath, on corporate and government surveillance. “This is the paper the NSA wrote two decades ago, and the Chinese and the Russians and everyone else. We’re just trying to catch up and understand these priorities.”

The researchers looked at a variety of methods of designing and implementing crypto systems so that they can be exploited by eavesdroppers. The methods ranged from flawed random number generation to leaked secret keys to codebreaking techniques. Then the researchers rated them on variables like undetectability, lack of conspiracy (how much secret dealing it takes to put the backdoor in place), deniability, ease of use, scale, precision and control.

< -- >

http://www.wired.com/2015/02/sabotage-encryption-software-get-caught/

--
It's better to burn out than fade away.


