Re: NSA enhancing Linux security?

From: Billy O'Connor (billyoc_at_gnuyork.org)
Date: 02/28/04 

Date: Sat, 28 Feb 2004 03:13:31 GMT

Carlos Moreno <moreno_at_mochima_dot_com@xx.xxx> writes:

> The thing is, they could outsmart us all... Not with a "bug"
> that passes for legitimate code (like the recent thing with
> the = in a condition that checked if the user was root -- and
> indeed was *assigning* user = root), but rather something that
> involves algorithms that could have a back door hidden behind
> deep mathematical trickery (I come back to the example of
> DES encryption -- or rather to the alleged possibility that
> the S-boxes could have been designed such that there is one
> secret -- and almost impossible to discover -- mechanism to
> decrypt data without the key).
>
> Then again, I would like to trust that the kernel development
> community would not accept additions from the NSA that include
> complex cryptographic algorithms... I would really hope that
> they would know better :-)

That's my hope too, because if they don't, we're done for anyway.
But I think that the NSA, if they wanted to pull off a stunt like
that, would just submit their patches via an innocuous looking third
party, rather than emblazon their logo all over the thing. :) 

-- 
It's no longer a question of windows or GNU, it's a question of *Unix* or GNU.

Relevant Pages

  • Re: Is PGP government-proof anymore?
    ... but I would also imagine that PGP messages are not NSA proof. ... not the algorithms it uses. ... that governments have at their disposal, this isn't that big a deal. ...
    (sci.crypt)
  • Re: Wikipedia "Cryptography" reaches Featured Article status
    ... NSA has characterized DES as one of their biggest ... If NSA had always before used to force their algorithms into silicon ... chips with special "coating", that would clearly tell that NSA did not ...
    (sci.crypt)
  • Re: NSA Type 1 Signature
    ... Type I algorithms are those algorithms designated by the NSA as Type I, ... endorsed by the NSA for securing classified and sensitive U.S. Government ... but not published as a Federal Information Processing Standard ...
    (sci.crypt)
  • Re: NSA enhancing Linux security?
    ... >>when we're talking about the NSA. ... > code review that the kernel goes through, ... complex cryptographic algorithms... ...
    (comp.os.linux.security)
  • Re: NSA chooses ECC
    ... public-key algorithms *instead* of secret-key algorithms, ... it is blowing away from security. ... algorithms can do things that secret-key algorithms cannot, ... not in any way too complicated for the NSA to understand. ...
    (sci.crypt)