Mailing List Archive
[tlug] Good Overview Of What Is Still Secure?
- Date: Wed, 11 Sep 2013 00:15:45 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: [tlug] Good Overview Of What Is Still Secure?
- References: <522D26F5.5010408@dcook.org>
Darren Cook writes:

> Just reading [1] on how the NSA/GCHQ have backdoors in HTTPS and
> commercial VPNs.

Well, all of the encryption standards are basically underwritten by the NSA. There are a couple of stories, one which has never been confirmed (that the security agencies have inserted weaknesses into encryption standards), and one which has been confirmed, that the NSA tweaked the DES slightly during development and prevented an exploit that was confirmed a decade later. It wasn't until the exploit was discovered that anybody knew why the NSA had recommended the tweak. I believe *both* stories....

> That article was a bit sparse on clear technical information; is it
> too smug to think that, as someone using open source software
> almost completely, this is Somebody Else's Problem?

Way too smug. As I say, the NSA provides a lot of input into crypto standards, most of it clearly improving the algorithms on first sight. But you should assume that the Department of Dirty Tricks gets a veto over what the Bureau of Good Deeds gets to contribute to the standards.

Worse, open source stuff is written by volunteers, and almost none of the actual distributions get vetted by the Bureau of Good Deeds. Recall the Debian SSH fiasco, where somebody removed what he thought was unnecessary code and reduced the space of keys that could actually be generated by Debian's distributed ssh-keygen to 16384 different keys (IIRC, it might have been a bit bigger, but definitely within brute-force cracking range).

> Any suggestions for a good, up to date article that describes what is
> potentially compromised, and what is still secure?

Not off hand. The RISKs folks, Bruce Schneier's blog, stuff like that would be where I'd look.

> Something at the level of someone who knows the difference between
> their public and private key, and knows that sha256 is better than
> md5 but if asked why would have to lamely tell you: "'cos I heard
> clever people tell me so".

You'll still be at that level when you're done. "Why" one is better than another is seriously hard math. The only thing that's likely to make any sense without a PhD (and that in the right kind of math) is that within a family of schemes more bits in the keys means better security.

(But maybe you'll find it easier than me. I think of myself as moderately familiar with math, but maybe I'm kidding myself. I figured out how Diffie-Hellman works, but never did really grok RSA or any of the more modern algorithms for public key crypto.)
- Follow-Ups:
- Re: [tlug] Good Overview Of What Is Still Secure?
- From: Nikolay Elenkov
- References:
- [tlug] Good Overview Of What Is Still Secure?
- From: Darren Cook
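An added illustration of the Debian ssh-keygen point in the message above (not part of the original post and not any project's code): when a key generator's only entropy is a seed from a small range, a defender can enumerate every key it could ever emit and audit deployed keys against that list. The generator, fingerprint format and inventory are constructed stand-ins, and the seed range uses the 16384 figure recalled in the message.

```python
import hashlib
import math
import secrets

SEED_SPACE = 16384  # keyspace size as recalled in the message (assumption)


def toy_keygen(seed: int) -> bytes:
    """Constructed stand-in for a key generator whose only entropy is `seed`."""
    return hashlib.sha256(b"toy-keygen:" + seed.to_bytes(4, "big")).digest()


def fingerprint(key: bytes) -> str:
    """Short identifier for a key, used for blocklist lookups."""
    return hashlib.sha256(key).hexdigest()[:32]


def effective_bits(seed_space: int) -> float:
    """Real security level: log2 of the number of distinct keys possible."""
    return math.log2(seed_space)


def build_blocklist(seed_space: int = SEED_SPACE) -> frozenset:
    """Enumerate every key the weak generator can emit; keep fingerprints."""
    return frozenset(fingerprint(toy_keygen(s)) for s in range(seed_space))


def audit(inventory: dict, blocklist: frozenset) -> list:
    """Return the owners whose deployed key must be revoked and regenerated."""
    return sorted(o for o, k in inventory.items() if fingerprint(k) in blocklist)


def constructed_inventory() -> dict:
    """Constructed sample: two keys from the weak generator, one from the OS CSPRNG."""
    return {
        "alice": toy_keygen(4242),
        "bob": secrets.token_bytes(32),
        "carol": toy_keygen(SEED_SPACE - 1),
    }


if __name__ == "__main__":
    blocklist = build_blocklist()
    print(f"{len(blocklist)} possible keys = {effective_bits(SEED_SPACE):.0f} bits")
    print("revoke:", audit(constructed_inventory(), blocklist))
```

The nominal key length never enters the calculation: a key of any size drawn from 16384 possible seeds offers 14 bits of protection, and the whole blocklist is built in well under a second.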