Absurd as this may seem given the current revelations about how the NSA is spying on everyone all the time, but there was a time when the NSA was indeed entirely trustworthy. As an example let’s take this latest revelation that the deliberately encouraged, indeed paid, RSA to use a weak and breakable random number generator in their products. An action that left encryption insecure and of course also the NSA as the first people to know this. We do rather have to hope that they were the only people who ever knew this as well.
Don't Miss: Sam's Club Black Friday 2016 Details
Here’s my colleague, Richard Stiennon, with the latest:
Developments this week support the notion that the NSA is seeking to compromise security systems, especially crypto systems. First, this report from Reuters claims that RSA, the security division of EMC, accepted a $10 million payment to make the flawed random number generator, DUAL_EC_DRBG, its default in its BSafe encryption suite. Documents from Edward Snowden had earlier revealed that the NSA had influenced the NIST process to get this “backdoor” approved as a standard.
The thing is, there was in fact a time when the NSA was trustworthy: indeed, a time when they managed to make security standards much higher and without introducing any backdoors either.
IBM developed DES. The NSA recommended some changes which IBM implemented – changes to the S boxes and SHORTENING of the key length. For 15 years there was speculation that the NSA had recommended those changes to weaken it. When ‘differential cryptanalysis’ was publicly discovered, it was found that the NSA’s changes had strengthed DES significantly versus IBM’s original implementation – even despite the smaller key length.
Specifically the S box changes, had that not been made, would have left it very vulnerable to that type of attack. Thus demonstrating, that at that time at least, that the NSA was at least 15 years ahead of the state of the art in the public sphere. With all the funding they’ve received in the past decade, they’re probably even further ahead now.
Tempus mutandis etc.
It would actually be interesting to try and track back along the various timelines and see when it was that the NSA made the switch. It’s hardly an uncommon observation (it appears in C. Northcote Parkinson from the 1950s for example) that after some period of time a bureaucracy, any bureaucracy, will become a vehicle simply for the survival and expansion of that bureaucracy. Oh, it might have started out just great, doing what it was supposed to be doing and actually having as its corporate goal that task that it was set. But Parkinson at least said that it’s an immutable rule that after some period of time, a period never precisely defined, the goal does become simply the maintenance and expansion of the budget and staffing levels of that bureaucracy.
It could be simply that our real problem here is Parkinson’s Law.
Don't Miss: The Best HDR TVs