[cryptography] [Cryptography] Equation Group Multiple Malware Program, NSA Implicated

grarpamp grarpamp at gmail.com
Tue Feb 17 18:38:30 EST 2015


>>>> Here's an interesting comparison.  Most academic cryptographers believe
>>>> that the NSA has lost its lead:  While for years they were the only ones
>>>> doing cryptography, and were decades ahead of anyone on the outside, but
>>>> now we have so many good people on the outside that we've caught up to,
>>>> and perhaps even surpassed, the NSA.  I've always found this reasoning a
>>>> bit too pat.  But getting actual evidence has been impossible.
>>>
>> What evidence is there for this?
>
> Snowden saying "encryption works."

This is probably quite true... from his particular vantage/access point
and social network. Yet however much we may know about that side
being relatively open and shary and the capabilities there, it is not an
exclusive answer to the crypto question. None of the Snowden docs to
date are or show any real details about the crypto side of the house. He
either had no interest (unlikely), had no time, found it too risky (whether
to pull off without being caught, or over concern about some element of
grave damage), or simply had no access.

> FBI complaining about going dark, we need backdoors - they only ever
> complain at that level as proxy for NSA, and same complaint is repeated in
> rapid succession in UK, DE.

These sorts of things may be important indicators. Yet to prove
them as such you'd also have to analyse the history of
FUD making, grab attempts and so on to interpret.

It could be that selective crypto is not dark, but merely expensive
to scale into being "see all" as desired with the old in clear. So
you would have to analyse the costs there. Electricity, rainbow
disk storage, real estate, cooling. How do you know the disk
makers and their suppliers do not have black wing budgets? Or
that there is not a multi billion fab lab buried under some mountain
powered by a ground radiator / aquifer cooled nuke reactor?

> This is exactly how organizations win over smart individuals:
> They build a database of expertise over many years, and they are
> patient and can keep at it indefinitely.

Yes, that's one... who is tracking where all the brilliant maths and
others go after high school? The student names in known friendly
colleges and programs? The ones that seem to drop from the
public scene? What media is publishing interviews with them?
Where are known adversary retirees that may have something
to say when invited?

>> It's not that I have evidence the other way.  We just don't know.

> At one level, this all comes down to your model of science.
> ...
> thinking of the question as a murder investigation - clues, hypotheses,
> correlations, etc.

To know the adversary you must continually analyse all potential
aspects, and not just the aspects themselves but their inputs, dependencies
and output/result chains. Then maybe you can answer some
questions. After all, the adversary is doing analysis upon you.

> Right.  I'm surprised Android sells any phones in USA market.

It's surprising that maybe no one has yet reverse engineered the binary
blobs/drivers in Android to provide a fully open software stack there.
And although more difficult, same goes for the firmware blobs.
Regardless of effectiveness, it would show market demand.

>> New models for large
>> corporations only started to arise in the late 1960's, with the development
>> of so-called "knowledge organizations".

Knowledge, and knowledge dichotomy within capacity of biology as
a whole to adapt evenly, seems quite a potential for scary outcomes...

http://yro.slashdot.org/story/15/02/17/2229240/oregon-residents-riled-over-virtually-staff-free-data-centers-getting-tax-breaks
http://science.slashdot.org/story/15/02/17/030208/game-theory-calls-cooperation-into-question
http://yro.slashdot.org/story/15/02/17/0025237/att-to-match-google-fiber-in-kansas-city-charge-more-if-you-want-privacy
http://tech.slashdot.org/story/15/02/16/2332217/the-software-revolution

>>> In sum, I'd say they are ahead in the pure math, but you'd be hard
>>> pressed to find an area where it mattered.
>>
>> Maybe.  It's really impossible to say.  Two days ago, I would probably
>> have agreed with you.  Now ... I'm not so sure.

As with Google, they hire a lot of Maths and others, and have been
at it for decades longer. Even generations of maths born into now.

There is too much silence from these workers.
Especially when society could probably get along just
as well without so many organizational level secrets
everywhere (wars), and now potentially against peoples
if you believe that sort of thing.

More Snowdens Please.

