[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reply to Tim May's comments
Tim May wrote (reply comments offset by leading '***'):
Subject: Re: 'Black' budget purchases
Michael Wilson writes:
> The data from the Maryland Procurement Office that is stored in certain
> databases (and removed from others, as I have just discovered when I checked)
> provides the complete 'black' budget purchases of the intelligence community,
> not just their purchases of supercomputers. Such raw data goes a long way
> towards confirming other bits of intelligence, such as the establishment by
NSA
> of its own chip manufacturing facility owing to a lack of trust in
undocumented
> sections of commercial silicon. This data is useful beyond knowing the
numbers
That the NSA contracted National Semiconductor to build a facility
on-site has been common knowledge since 1989-90. The fab is not state
of the art (i.e., is not 1.8 micron or better) and is believed to be
used for the very reasonable purpose of producing keying material in a
secure environment (ROMs, PROMs, fuse-linked micros, PLAs, etc.). It
is unlikely--but possible--that high-performance micros are being
manufactured there.
*** We were tracking NSA purchases of material over a decade ago; as for their
usage of the technology, my statement was simply that they felt, after serious
analysis, that they couldn't trust commercial silicon. The issue was trust, not
computation power.
> of supercomputers available (although it does help provide an upper boundary
on
> raw processing power, useful for quantifying tolerances).
>
> What we find interesting regarding the number of supercomputers at NSA is what
> they do to the keyspace; a supposition of ours from the early period of
> commercial public key was an attack on the domain of potential keys. Given a
> known keylength, a powerful systematic search for primes that fit that range
> can, over time, begin to damage the strength of the system. Careful analysis
of
This is nonsense. A typical 1024-bit RSA system uses p and q close to
512 bits each, e.g., 511 and 513. Whatever.
Now a 512-bit number is a 150-plus decimal digit number. About .5-1%
of all of these numbers are prime (by the Prime Number Theorem, or
somesuch...about 1/N of all N-digit numbers are prime, as I recall).
How big a keyspace is this to start searching "systematically"?
Considering that there are "only" about 10^73 particles of all kinds
in the entire universe (based on our best estimate of the size of the
universe, the density of galaxies, gas clouds, etc.), this means that
if every particle in the universe were searching for and recording the
primes they discovered, each particle would have to store 10^77
primes!
So much for "a powerful systematic search for primes that fit that
range."
*** You assume that your selection of primes is random; it is the case,
particularly in the initial usages of public-key systems, that attacks could be
made on keyspaces based on the prime generation method. A point that
number-crunch jockeys tend to forget is that psychology and systems analysis
provide greater in-roads against secure systems than brute force.
> technical resource also allows one to speculate--are CM platforms (pardon the
> pun) used for exhaustive systematic search for keys, while Cray systems are
used
> for attacks on the keyspace? Differentiation of parallel versus scalar
> processing towards attack domains is interesting.
"Parallel versus scalar processing"? Parallelism means nothing at
these scales...see the above point.
*** Your point is orthogonal to our point. The two systems are used for
different attacks--parallelism can be used for exhaustive search, such as for
DES keys, while scalar processing can be used for testing primality.
> Michael Wilson
> Managing Director, The Nemesis Group
> The Adversary
--Tim May
*** TNG