New Al Qaeda Encryption Software
The Web intelligence company Recorded Future is reporting—picked up by the Wall Street Journal—that al Qaeda is using new encryption software in the wake of the Snowden stories. I’ve been fielding press queries, asking me how this will adversely affect US intelligence efforts.
I think the reverse is true. I think this will help US intelligence efforts. Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight. Last fall, Matt Blaze said to me that he thought that the Snowden documents will usher in a new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising. My guess is that this an example of that.
Autolykos • May 14, 2014 6:58 AM
Anyone paranoid but not completely clueless will probably cascade the homegrown stuff with a common and well-tested algorithm. But unless they are overlaying their stuff over a widely-used program without touching anything (like putting their “encrypted” files inside a TrueCrypt container), they are still likely to screw up their implementation…
Still pointless, IMHO. A simple AES->Twofish->Serpent cascade should be more than conservative enough for even the most paranoid guy out there. It is highly unlikely that even one algorithm is backdoored, let alone all three of them.
Ironically, it may be that Snowden did more for intelligence on AQ than all of the surveillance by NSA and friends combined.