Flutterby™! : compromised crypto


compromised crypto

2007-12-30 16:28:03.271075+00 by Dan Lyke 6 comments

"For years U.S. eavesdroppers could read encrypted messages without the slightest difficulty..." because they had a back door in Crypto AG machines, but Crypto AG is a Swiss company that everyone trusted. A stellar example of why your crypto and voting devices all need to be both open source and developed in an open collaborative environment. (Via)


comments in ascending chronological order:

#Comment Re: made: 2007-12-30 22:15:30.691781+00 by: meuon

That's an incredible story, with very large implications. I would think this would be a very important real media news story, but it's probably a little obscure and technical for the mass media and general population. I get torn on stories like this; part of me wants to condemn the NSA for compromising Crypto AG and what a lot of the governmental world trusted for cryptography. Part of me says: Kudos, job well done, glad it was our side. If I only trusted our side a little more.

#Comment Re: made: 2007-12-31 05:08:29.656733+00 by: Dan Lyke

Yeah, it's very much a cross between "damn, I'm sorry this was compromised, it's good that we knew what the Iranians were doing" and "time to go audit the GPG source code myself".

#Comment Re: made: 2007-12-31 13:15:58.14806+00 by: Larry Burton

I have no problem with what the NSA did in this case. That is their job. However, Crypto AG should no longer be considered a credible company due to this.

To blame NSA for anything here would be like blaming a defense attorney for getting an alleged criminal acquitted instead of blaming the prosecution for not doing its job well enough.

#Comment Re: made: 2007-12-31 17:01:48.107371+00 by: meuon

I wonder what the market in home grown crypto will be. How many variations of ROT13 and PGP will be implemented. Personally, I'm thinking a one time pad translation using "Weird Al" audio tracks backwards might be commercially viable.

Makes me wonder about PKware's SecureZip and other products as well. Looking at the bright side, it might be a boon to the open source movement, and paid experts to evaluate such source code and compile it for a client's use. Getting crypto experts that aren't already compromised might be a good trick.

Why is a black helicopter hovering over my house.. Maybe it's [[{{a88ssd!ATH0

#Comment Re: made: 2007-12-31 18:14:14.958136+00 by: Dan Lyke

So I'll note that neither of you responded to my request for setting up encrypted email, something that required surprisingly few switches on my email client...

And, yes, I agree with Larry that that's what the NSA is supposed to do. If I were a shareholder in Crypto AG, however, I'd be livid.

#Comment Re: made: 2007-12-31 19:01:05.999432+00 by: Larry Burton

Dan, I lost interest in encrypting my email long ago. There just weren't enough people I regularly corresponded with that would use encryption for me to even remember to use it when I did correspond with those that were capable of decoding the messages.