[cryptography] Bruce Schneier on BULLRUN and related NSA programs

ianG iang at iang.org
Fri Sep 6 06:01:54 EDT 2013


On 6/09/13 10:49 AM, coderman wrote:
> select quotes from
>
> "The NSA Is Breaking Most Encryption on the Internet"
>     http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
>
> """
> Remember this: The math is good, but math has no agency. Code has
> agency, and the code has been subverted.


Nice quote!

> Bruce Schneier • September 5, 2013 7:32 PM
>
> "You recommended to 'Prefer symmetric cryptography over public-key
> cryptography.' Can you elaborate on why?"


Some of us have been saying this for a while.  E.g.,

" #2.4 Avoid Public Key Cryptography like the Plague

Public key cryptography is the kiss of death to simplicity. The problem 
is that it is not simple, not amenable to KISS, and full of traps that 
will swallow a battleship. Although the very basic idea is 
understandable and elegant, none of the instantiations of public key 
cryptography can create simple interfaces that are free of minefields.
..."


http://iang.org/ssl/h2_divide_and_conquer.html#h2.4



> It is more likely that the NSA has some fundamental mathematical
> advance in breaking public-key algorithms than symmetric algorithms.



It is more likely that the implementors made a mistake.  This can be 
seen also in that all the symmetric algorithms are amenable to black-box 
and deterministic testing, whereas the asymmetric ones are not so amenable.

Oh, and forget the key sizes.  This is not about the key sizes.


iang
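
Added illustration, not part of the original message and not iang's code: one reading of the black-box testing point above. A keyed symmetric primitive is checked against a published known answer (RFC 4231 test case 1), while a randomized public-key operation still passes a round-trip test when its randomness is broken. The toy ElGamal parameters are constructed and insecure, and `broken_rng` is a hypothetical implementation mistake.

```python
import hashlib
import hmac
import secrets

# Published known answer: RFC 4231, test case 1, HMAC-SHA-256.
KAT_KEY = bytes([0x0B]) * 20
KAT_MSG = b"Hi There"
KAT_TAG = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"

def symmetric_kat_passes():
    # Deterministic: same key and message always give the same tag,
    # so one fixed vector checks the implementation from the outside.
    return hmac.new(KAT_KEY, KAT_MSG, hashlib.sha256).hexdigest() == KAT_TAG

# Toy ElGamal over a Mersenne prime. Constructed parameters, illustration only.
P = 2**127 - 1
G = 3

def good_rng():
    return secrets.randbelow(P - 2) + 1      # fresh value in [1, P-2]

def broken_rng():
    return 4                                 # hypothetical bug: constant "random" value

def keygen():
    x = good_rng()
    return x, pow(G, x, P)                   # (private, public)

def encrypt(pub, m, rng):
    k = rng()                                # per-message secret
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def decrypt(priv, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - priv, P)) % P   # c1^(-priv) via Fermat

def round_trip_passes(rng):
    # The only black-box functional test available without a fixed vector:
    # it says nothing about the quality of the per-message secret.
    priv, pub = keygen()
    m = 123456789
    return decrypt(priv, encrypt(pub, m, rng)) == m

def ciphertexts_repeat(rng):
    # A test must reach inside and look at the randomness to see the fault.
    priv, pub = keygen()
    return encrypt(pub, 42, rng) == encrypt(pub, 42, rng)
```
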

