[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Is the NSA competent?
An anonymous author writes:
> For all their vaunted competence, for all the mathematicians
> they have been alleged to employ, despite having a cryptography
> budget orders of magnitude larger than any other Western
> crypto group, it looks like the NSA contribued to _none_ of
> the major advances in cryptography that occured during its zenith.
I think that this message betrays a serious misconception that a number of
people likely share, and that has to do with the levels of security offered by
commercial versus military methods.
NSA has never portrayed themselves as having any role in the creation of
commercial systems until recently (the last few years) when in-fighting
developed between their organization and NBS now NIST (NSA wanted DES to remain
the standard, NBS wanted to change). NSA-CSC will evaluate commercial security
products to give them an Orange Book rating (a rating which was meaningless when
it was created, thanks to viral/worm technology), but keep to themselves as an
arm of the military. The cryptosystems that the anonymous author notes are all
commercial level systems; NSA concentrates on cryptosystems that have greater
requirements than the free market. It is widely rumoured that they had public
key systems for secure key management before Diffie-Hellman. Their role in
engineering the S-boxes for FDES is documented.
The assistance they gave to commercial organizations to provide system
integration style 'one shot' systems for military use created a number of
companies, such as the Honeywell Secure Computing Technology Center, as well as
a number of DARPA funded groups such as Cray and Thinking Machines.
As the saying in the intelligence community goes, their successes are never
known, but they will always be judged by their failures. Don't assume that you
have probed the depths of the NSA's abilities by their unwillingness to play on
the commercial playing field; underestimating an opponent will lead you into
gross miscalculations.
Michael Wilson
Managing Director, The Nemesis Group
[Today's Fun Math Problem: Given an exhaustive search method, how long would it
take to discover the key of a standard DES financial transaction using four
Connection Machines? There are more than that in the basement at Fort Meade, or
at least they purchased that many during the time period they used the Maryland
Procurement Office to buy them.]