[cryptography] Bruce Schneier on BULLRUN and related NSA programs
iang at iang.org
Fri Sep 6 06:01:54 EDT 2013
On 6/09/13 10:49 AM, coderman wrote:
> select quotes from
> "The NSA Is Breaking Most Encryption on the Internet"
> Remember this: The math is good, but math has no agency. Code has
> agency, and the code has been subverted.
> Bruce Schneier • September 5, 2013 7:32 PM
> "You recommended to 'Prefer symmetric cryptography over public-key
> cryptography.' Can you elaborate on why?"
Some of us have been saying this for a while. E.g.,
"#2.4 Avoid Public Key Cryptography like the Plague
Public key cryptography is the kiss of death to simplicity. The problem
is that it is not simple, not amenable to KISS, and full of traps that
will swallow a battleship. Although the very basic idea is
understandable and elegant, none of the instantiations of public key
cryptography can create simple interfaces that are free of minefields."
> It is more likely that the NSA has some fundamental mathematical
> advance in breaking public-key algorithms than symmetric algorithms.
It is more likely that the implementors made a mistake. This can be
seen also in that all the symmetric algorithms are amenable to black-box
and deterministic testing, whereas the asymmetric ones are not so amenable.
Oh, and forget the key sizes. This is not about the key sizes.
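
Added example, not part of the original message: the testing contrast described above, using the RFC 4231 test case 2 vector for HMAC-SHA-256 and a toy textbook ElGamal that is for illustration only. The function names, the truncation bug, the prime, the generator and the private key are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Published known-answer vector: RFC 4231, test case 2 (HMAC-SHA-256).
KAT_KEY = b"Jefe"
KAT_MSG = b"what do ya want for nothing?"
KAT_TAG = bytes.fromhex("5bdcc146bf60754e6a042426089575c7"
                        "5a003f089d2739839dec58b964ec3843")

def good_mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def faulty_mac(key, msg):
    # Constructed implementation bug: the key is silently truncated to 3 bytes.
    return hmac.new(key[:3], msg, hashlib.sha256).digest()

def passes_kat(mac_fn):
    """Black-box test: fixed inputs must reproduce the published output exactly."""
    return hmac.compare_digest(mac_fn(KAT_KEY, KAT_MSG), KAT_TAG)

# Toy textbook ElGamal over a Mersenne prime. Illustration only, not secure.
P = 2**127 - 1
G = 3
PRIV = 0x1234567890ABCDEF          # constructed private key
PUB = pow(G, PRIV, P)

def elgamal_encrypt(m, k=None):
    # A typical API draws k internally, so a caller cannot fix or observe it.
    if k is None:
        k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(PUB, k, P)) % P

def elgamal_decrypt(ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - PRIV, P)) % P   # c1^(-PRIV) via Fermat

def kat_with_injected_nonce(m, k, expected_ct):
    """Reproducible only once the test reaches inside and fixes the nonce k."""
    return elgamal_encrypt(m, k) == expected_ct

if __name__ == "__main__":
    print("good MAC passes KAT:  ", passes_kat(good_mac))
    print("faulty MAC passes KAT:", passes_kat(faulty_mac))
    a, b = elgamal_encrypt(42), elgamal_encrypt(42)
    print("same plaintext, same ciphertext:", a == b)
    print("both decrypt to 42:", elgamal_decrypt(a) == elgamal_decrypt(b) == 42)
```

The injected-nonce check exercises only the arithmetic; it says nothing about how the production path chooses k.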