Schneier on Security
A blog covering security and security technology.
« Software Security |
| Friday Squid Blogging: Squid Attacks ROV »
January 2, 2009
Another Recently Released NSA Document
American Cryptology during the Cold War, 1945-1989, by Thomas R. Johnson: documents 1, 2, 3, 4, 5, and 6.
In response to a declassification request by the National Security Archive, the secretive National Security Agency has declassified large portions of a four-part "top-secret Umbra" study, American Cryptology during the Cold War. Despite major redactions, this history discloses much new information about the agency's history and the role of SIGINT and communications intelligence (COMINT) during the Cold War. Researched and written by NSA historian Thomas Johnson, the three parts released so far provide a frank assessment of the history of the Agency and its forerunners, warts-and-all.
Posted on January 2, 2009 at 12:17 PM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Just read the bit on non-government cryptography (document 6, the page numbered 231). It's disturbing that at the time of the history, NSA still looks at public cryptography almost entirely as a threat.
I wonder if they've updated their calculations at all now that we're clearly threatened by the insecurity of nonmilitary SCADA systems and the like, and now that plenty of crypto smarts is coming from .
The history is misleading when it suggests prepublication review blocked very little -- it kept Khufu and Khafre from being published and that seems substantial.
It also says that in 1987, NSA suggested a more sophisticated successor to DES, but banks didn't want it. Is that public? NSA says Skipjack was developed in 1987, so that might be the algorithm they mean.
> ...now that plenty of crypto smarts is coming from .
Posted too soon:
Wonder if NSA has changed their calculations about secrecy now that plenty of crypto smarts is coming from *other countries* (differential cryptanalysis from Israel, linear cryptanalysis from Japan, AES finalists from the UK/Israel and Belgium, etc.).
@Randall "NSA looks at public cryptography as a threat"
Governments always see an informed public as a threat. It has nothing to do with security.
One of the clearest examples is from Britain in the early 1980s. A former assistant director of MI5 published his memoirs, "Spycatcher". The Brit govt tried to suppress the book in the UK even after it had been on the US bestseller list for weeks. The (then) Soviet Union could get the book just by sending an embassy staffer in Washington to the nearest bookshop. There was no possible security reason to ban the book in Britain after that. But they still tried, the point being to keep information from their own people, not from possible enemies. (They gave up in the end.)
Thanks for the link to this treasure trove. I was really happy to find some support for my belief that the NSA dwarfs the CIA, and my subsequent belief that the TSA and CIA are much closer in size than I would like:
Inter-Agency Rivalries (¶ 4)
"Unlike the CIA, where the Agency’s censors religiously delete all information concerning the size of the Agency’s staff and budget, considerable detail concerning the organization and manpower strength of NSA are revealed for the first time in Dr. Johnson’s history, confirming that the Agency for most of the Cold War was the single largest and most expensive component of the U.S. intelligence community (Book I, pp. 63-67; Book II, pp. 293-294). NSA reached its historic peak strength in 1969, with 93,067 military and civilian cryptologists working for the Agency and the three military service cryptologic agencies that were subordinate to NSA. (Book II, p. 293)."
Wonder if NSA has changed their calculations about secrecy now that plenty of crypto smarts is coming from *other countries* (differential cryptanalysis from Israel, linear cryptanalysis from Japan, AES finalists from the UK/Israel and Belgium, etc.)
Not new. Public key crypto was invented in the early 70s at GCHQ, but the guys in question weren't allowed by the UK government to publish. Who knows if the NSA guys did anything at all for the prizes and fame and cash other than Ctrl-C Ctrl-V? The UK-USA agreements are secret, and who imagines they aren't wildly unequal?
Perhaps we did something independent with it, but then, look at our political elite. Heath, Wilson, Callaghan, perhaps. Thatcher, Major and Blair? No way.
@Alex: Right -- other countries had brilliant cryptographers for a long time (since Turing!), didn't mean to downplay that.
What I mean is that the progress of the global *academic* crypto community has made NSA's restrictions on American crypto scholars seem quaint. Many of the things NSA sought to keep secret -- like linear and differential attacks -- are now public thanks to non-US scholars who don't have to bother with NSA review.
If the NSA continues to hassle American cryptographers to keep things secret while the rest of the world's scholars publish freely, that's like guarding the front door when the back is wide open (and the pet cat has long since escaped).
Well the TLAs still but in to reduce the security of ordinary citizens. There should be strong end to end encryption in all cell phones (since they already have built in computers), but there isn't.
"Governments always see an informed public as a threat"
Many tend to use terms like threat and risk interchangeably, as even Bruce tends to do in his books, but a threat is by definition a bad thing whereas risk involves potentiality/probability. The subtlety is important when calculating and applying security measures. Is "informed" really always bad to governments? Governments are known to use propaganda to inform and create a non-threatening public, for example. This is a countermeasure to address the hostile, angry or alienated public, which would be a threat. In other words, threats usually have some aspect of harm or danger within their title (e.g. organized crime, cracker, revolutionary) rather than a neutral term/agent like "informed". So unless the term has an implicit negative meaning, I'd say governments see an informed public as a risk because there is always a threat of instigators, revolutionaries, etc.
"Governments see an informed public as a threat."
Consider government's view of the 2nd Amendment; if that had been interpreted as freely as the speech clause of the 1st Amendment, we not only be able to own all manner of military-grade weapons, but encouraged to do so.
Strong crypto in the hands of an informed public is much the same: if "we the people" ought to have it, in government's eyes, then great. But because we might "plot against" the government, then we may not have it, even if all we are needing it for is to be secure in our personal communications, including, but certainly not limited to, banking and other financial transactions.
How long did it take the RSA algorhythm to be known (another of the off-shore inventions), and put to use? And why was DES limited to only 128 bits?
To quote a bard of our times: "Things that make you go 'Hmmmm?'"
Forgot how to spell, there.
Des was limited to have 56 bits keysize, and aes was limited to have 256 keysize, and should work with 128, 196 and 256 keysizes. Also didnt nsa didnt play a role in developping des except for making it stronger against the diferentianal analysis by giving hints and convincing ibm that a 56 bit keysize would be strong enough to put away attackers till 1990 with attacking power calculated by mores law. After that the "licence" of des got expanded by nist, not nsa. although they may have played a part in it.
Public cryptography can been seen as a risk as terrorists will surely use anything they can to keep their secrets secret. The terrorists who bombed the twin towers had their plans encrypted in pgp with strong keys. NSA would never be able to crack it in time as brute forcing would take to long and the underlying ciphers were used with random sesion keys.
PS RSA is invented by a group of 3 american cryptographers who did what nobody thought to be possible.
PPS forgive me my spelling, english is not my natural language and I have dyslexia.
@sempf1992: You wrote, "The terrorists who bombed the twin towers had their plans encrypted in pgp with strong keys."
Would you kindly post the source for this info? I'd like to check it out.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.