Wertheimer:
"... In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable,"
Regrettable that the flaw was found is what you really mean, correct?
The NSA's former director of research Michael Wertheimer says it's "regrettable" that his agency continued to support Dual EC DRBG even after it was widely known to be hopelessly flawed. Writing in Notices, a publication run by the American Mathematical Society, Wertheimer outlined the history of the Dual Elliptic Curve …
"... In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable,"
I can think of better ways, in fact we are spoiled for choice:
"Cynical" immediately springs to mind
"Amateurish" given the way they handled it
"Wannabe Machiavellian" because it blew up in their faces, as was always likely
and many, many more
Looks like the NSA getting the cold shoulder they deserve from the standard bodies and industry groups is finally starting to bother them. If this is the start of a charm offensive, it's off on the wrong foot.
PS: This dude in a few months, when he gets desperate and nobody is buying his bullshit:
http://www.youtube.com/watch?v=9u0EL_u4nvw
Looks like the NSA getting the cold shoulder they deserve from the standard bodies
er... to be frank, I haven't noticed any particular shift (yet) in the co-operation of some standard bodies with those members *known* to have multiple affiliations... it's completely business as usual.
Politically, the Snowden allegations are still just allegations, and standards bodies are quite politically driven. Thankfully, the UK Intelligence & Security Committee (ISC) did recently harrumph something relevant.
http://www.thebureauinvestigates.com/2015/01/11/thatcher-and-blair-cabinet-secretary-intelligence-committee-has-helped-public-by-confirming-gchqs-internet-tap-tempora-powers/
Lord (Sir Robin) Butler, said the ISC had “helped the public” by officially confirming what GCHQ repeatedly refuses to confirm or deny…
...the first official confirmation of GCHQ’s powers came only in November 2014, contained in the fine details of an ISC report into the death of Lee Rigby….The ISC has helped the public by putting a description of GCHQ’s capability in the public domain.
The Lord refused to talk about TEMPORA: “It seems to me that it is the capability which is the important matter for people to know rather than its codename.”
Lord Butler, who was Cabinet Secretary & head of the Civil Service from 1988 to 1998, confirmed the committee had discussed GCHQ's "no comment" policy with the spy agency, but declined to say anything further. Derek Smith, Cabinet Office press spokesman for the ISC, also said the committee "will not be drawn" on the subject of the policy.
The ISC report says: “GCHQ … has access to communications as they move over the internet via the major internet cables. This provides the capability to intercept a small proportion of internet traffic.” The proportion of traffic accessed and processed by the agency is redacted.
Of course, the actual GCHQ intercept code-name is irrelevant, as as soon as the public get to know it, it is immediately changed. But as the dear Lord above has mentioned, you now OFFICIALLY know that your data might be stored in Cheltenham.
... a complete load of utter bollocks spoken by that man.
We have the Snowden files that show the NSA is actively trying to subvert crypto standards so who is he trying to fool? Oh, the mathematicians that for some reason he thinks are stupid enough to believe anything the NSA says again.
But here he seems like an incompetent liar - are we meant to think that he thinks he's sold this version?
"whoopsie, it was flawed and even though we hire more mathematicians than anyone else and pay well to get the best ones and historically have been years ahead of the disclosed state-of-the-art and were part of the committee discussing the flaws we somehow didn't notice them, our bad..." (blushes winsomely)
Presuming not, what's the real message being sold? We're not so ominous really, look how we do pratfalls like your drunk uncle? OK, here's your excuse, and no we *don't* give a shit, because prior experience shows it doesn't matter what we say, the Admin/Congress won't rein us in?
Wertheimer argued:
The case doesn't prove the NSA is actively trying to subvert crypto standards, merely that a mistake had been made and then rectified.
It's like I'm really at the OJ Simpson trial.
He pointed out that the NSA was keen to fund more mathematical research
Of course.
and – post September 11 – this work was vitally needed
Because the Saudi trolls used hard crypto to run their show. It was totally not due to the utter ineptitude of the infighting TLA salad of the Heimland. Also, Saddam gassed his own people.
Carry on.
The case doesn't prove the NSA is actively trying to subvert crypto standards, merely that a mistake had been made and then rectified.
It's either malice or incompetence. As soon as Dual-EC DRBG was published, people pointed out that it had lousy performance and no known advantages over any of the other strong cryptographic PRNGs in use, even if it wasn't backdoored. So it was either deliberately broken or obviously substandard. It shouldn't have been published in the first place, and there aren't any circumstances under which the NSA could have continued to support it innocently, backdoor or no.
The same applies to RSADSI's inclusion of it (with the default points) in BSAFE. There simply isn't any excuse - it's complicity or failure to be sufficiently diligent.
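The two technical claims in the post above (each output costs elliptic-curve scalar multiplications, and the "default points" matter because whoever knows the relation between them can predict the generator) can be checked on a toy scale. The following is an added example, not code from the page, from NIST or from any vendor: it runs Dual EC's two-step update on a tiny made-up curve over F_97 with made-up points, a made-up trapdoor scalar d (Q = d*P) and a made-up seed, and then shows both what the holder of d can do with a single output and the "nothing up my sleeve" way of choosing a point so that no party holds such a d. The real generator works over P-256 and drops the top 16 bits of each x-coordinate; the toy keeps the full coordinate.

```python
"""Toy Dual EC DRBG on a tiny curve (constructed example, not the NIST parameters).

Every call costs two scalar multiplications, and a party holding d with Q = d*P
recovers the internal state from one output and predicts all later outputs.
Curve, points, trapdoor scalar and seed are all made up for illustration.
"""
import hashlib

P_MOD = 97            # prime field size (toy)
A, B = 2, 3           # curve y^2 = x^3 + A*x + B over F_97 (4A^3 + 27B^2 != 0 mod 97)


def _inv(a):
    return pow(a % P_MOD, -1, P_MOD)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (the expensive step of Dual EC)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """All curve points with x-coordinate x (brute force is fine over F_97)."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    return [(x, y) for y in range(P_MOD) if y * y % P_MOD == rhs]


def point_order(pt):
    n, acc = 1, pt
    while acc is not None:
        acc = ec_add(acc, pt)
        n += 1
    return n


def _is_prime(n):
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))


def base_point():
    """Pick a point of largest prime order so every nonzero scalar mod N is invertible."""
    pts = [pt for x in range(P_MOD) for pt in lift_x(x)]
    return max((point_order(pt), pt) for pt in pts if _is_prime(point_order(pt)))


N, P = base_point()                 # constructed base point and its (prime) order
TRAPDOOR_D = 7 if N > 7 else 2      # the secret a point-generator could keep (constructed)
Q = ec_mul(TRAPDOOR_D, P)           # the "default" second point handed to users


def _scalar(s):
    return s % N or 1               # toy guard so the identity point never appears


class ToyDualEC:
    def __init__(self, seed, p=P, q=Q):
        self.s, self.p, self.q = seed, p, q

    def next(self):
        self.s = ec_mul(_scalar(self.s), self.p)[0]   # s_i = x(s_{i-1} * P)
        return ec_mul(_scalar(self.s), self.q)[0]     # r_i = x(s_i * Q); real spec drops 16 bits


def predict_from_trapdoor(output, d, p=P, q=Q, count=4):
    """Given one output and d with q = d*p, reproduce the next `count` outputs."""
    e = pow(d, -1, N)                 # e*Q = P
    R = lift_x(output)[0]             # R = +/- s_i*Q; the sign does not change x below
    s = ec_mul(e, R)[0]               # e*(s_i*Q) = s_i*P, whose x is the next state
    preds = []
    for _ in range(count):
        preds.append(ec_mul(_scalar(s), q)[0])
        s = ec_mul(_scalar(s), p)[0]
    return preds


def verifiable_point(label):
    """Mitigation: derive a point from a public label by hashing, so nobody knows
    its discrete log with respect to P (the step the default points never had)."""
    ctr = 0
    while True:
        h = hashlib.sha256(f"{label}:{ctr}".encode()).digest()
        pts = lift_x(int.from_bytes(h, "big") % P_MOD)
        if pts:
            return pts[0]
        ctr += 1


if __name__ == "__main__":
    gen = ToyDualEC(seed=42)                          # constructed seed
    seen = gen.next()
    print("observed:", seen)
    print("predicted:", predict_from_trapdoor(seen, TRAPDOOR_D))
    print("actual:   ", [gen.next() for _ in range(4)])
```

The prediction needs nothing but one output and the scalar d, which is the whole point of the "default points" complaint: a user of the standard cannot tell a trapdoored Q from an honest one by inspection. The `verifiable_point` helper shows the cheap fix that was available, deriving Q from a published label so the discrete log is unknown to everyone.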
"In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable."
You might want to run that through your internal parser a few times. It is a syntax error; but if it means anything, it means that he has no regrets at all over the failure to drop support for the rogue algorithm.
"Is there another secret NSA where all the clever people are hiding, or is this as good as it gets in terms of America's national security?"
It's the age-old problem: no one smart enough to do the job properly is dumb enough to work for 'em.
"As a record of history, Dr Wertheimer's letter leaves much to be desired, and could easily lead people to the wrong understanding . . ."
Sorry, what's the "wrong understanding"? I think it is leading people to the exactly correct "understanding" - that the NSA had whole fists in this pie and their actions were deliberate and the consequences (for the strength of the crypto) well understood.
Nothing - nothing - Wertheimer has said convinces me that this episode was a 'mistake' or indeed anything other than a deliberate attempt to weaken (or provide outright back doors to) a cryptographic standard that was to be used by numerous companies and individuals. The relative crudeness of this activity can be seen as arrogance in a pre-Snowden world. Certainly the idea that a group so apparently committed to "advocating secure international standards" ignored research of their peers for some benign reason is laughable - or proves gross incompetence.
What we need to know to have even the slightest inclination to believe this drivel is the following:
"In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable."
If he is really, really telling the truth (this time, trust us) then I can think of a better word: incompetent. Massively, unforgivably incompetent. If the goal was really to provide as secure a cryptographic standard as possible then it's just not believable that the mathematicians, on learning of these flaws, wouldn't have informed the relevant people at the NSA. I believe that the mathematicians the NSA hires are very good indeed - they have to be - so I just can't see them not understanding the flaws. Therefore, the incompetence is squarely on those people who took that information and did nothing with it.
Again, that's if Wertheimer is indeed telling the truth.
More amusing is:
"Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to “undermine Internet encryption.” A fair reading of our track record speaks otherwise."
Clipper anyone?
A fair reading of your track record clearly indicates that you have no regard either for the Constitution of your own country or for any sense of morals at all. You are just the visible tip of the iceberg of paranoia and ends-justify-the-means attitude that has forgotten what made the USA a great country and has brought it to a state one step above African dictatorships.
I'm not an expert on technical aspects, but I don't see why anyone would see the NSA (or any similar agency) as having any role in ensuring any data can be sent with absolute security. If the NSA knows some crypto is truly secure, they will never admit publicly that such a method is safe. So, any method the NSA recommend *has* to have been broken. It's that simple. I'm guessing RSA incorporated NSA-approved crypto components mainly to secure government business -- a win-win for the NSA.
The NSA's (and some of Congress') public comments are exemplary in their ability to say something while saying nothing. The massive data vault being assembled in (I think) Utah (and probably elsewhere) is absolutely designed to capture every packet of digital communications transmitted from all points of the world. The encrypted bits will get summarily decrypted and indexed, either through vulnerabilities or by brute force, in advance of any potential warrant for the content. The NSA likely thinks they can do this even with domestic communications because the end result is sealed from outside investigators until a warrant is presented (and it's a pretty low bar to get one). Meanwhile, I recall it only takes a 50.1% likelihood that the communications qualify as domestic to give that modicum of protection.
I don't envy the NSA's mission though. They are trying to operate in a world where the public demands both absolute privacy and protection from destructive actors using these same protections to help execute truly evil things. But the laws protecting privacy (for U.S. citizens, at least) are just plain hollow. Our protections are in the hands of a few secretly appointed judges who do not understand what they are being asked and have no real public oversight. I doubt they've rejected a single application for a warrant. This is my biggest problem with the whole situation. The Congress also needs to stop being toothless, ignorant enablers of this secret court -- but Congress' credibility is nothing to crow about either.
The NSA should just stay out of the commercial security business and stay away from academic contributions because they have no standing or credibility. They should quietly listen on targets identified by a (eventual) transparent oversight process and make it easier for the constituent agencies to obey the law. As things stand today, there is *nothing* these agencies can't get away with. And that's probably what they all want.
Because the NSA's other major role is to advise its client - the US government and its armed forces.
Telling the chiefs of staff that the codes they use to protect their troops are faulty, you knew they were faulty or deliberately made them faulty in order to spy on facebook - is likely to get a response a little stronger than 'regrettable'
@YAAC
But this is the thing - this conflict was understood and that's why this area is the domain of NIST. The idea was to have a civilian organisation dealing with civilian matters - which government is. NIST sets the standards for the protection of government information, which is civilian information.
NSA is there for the armed forces.
The problem came when the Memorandum of Understanding was signed in 1989, which had the effect of inserting the NSA into this process, specifically requiring NIST to consult NSA and, for all intents and purposes, rubber-stamp the recommendations of the NSA as though they were from NIST themselves.
That arrangement needs to end. Right now. If not sooner.
Thanks for that enlightening insight into the ever deepening corruption of our political system.
I can't think why radicals from a backwards culture think we are all corrupt. Until they wise-up, the public will always be in the firing line from both sides.
It is a mistake to paint all of NSA with one brush. The Signals Intelligence Division is the 'spooks' that we tend to think of. The IT Division is the computer jocks. And the Information Assurance Division is responsible for protecting US business and government from attackers of all kinds. To an extent, from what I've learned, IAD works somewhat at cross-purposes to SID. IAD really, really wants to make sure encryption is strong and systems are secure. I think they are the ones behind SE Linux, for example. And I think that division is also the one doing the research on new encryption methodology. Including a back door in the tools used by government, banks, the military, etc. is just asking for a foreign government to discover and exploit it, which makes no sense whatsoever. So belief that NSA does this is probably more conspiracy theory and less rational observation.