by vmception
1944 days ago
It's good they are sounding the alarm; for example, Crypto AG had their cryptographer employees continually find security flaws only to have upper management tell them to work on something else, only to find out after 50 years that it was a CIA operation selling backdoored products to nation states. With nothing being outside the realm of possibility, removing the need for trust should be priority number one.
I would be very interested if you could share accounts of this happening.
From the declassified documents I have studied, the Crypto AG "backdoor" consisted of misleading customers that less complex models (with smaller keys) would be suitable for their communications, working with the NSA to word end user documentation in a way that makes it unclear how important specific settings are, and providing technical designs to the NSA for review.
At no point do I believe there was a security flaw that an employee would have found that would have compromised the operation, since it was simply a series of steps that weakened the strength of the encryption from "mathematically impossible" to "requires a purpose-built supercomputer." This route provided plausible deniability to everyone involved (remember that other cryptographers also evaluated Crypto AG products and would work to secretly exploit any flaws they found "for the bad guys").
Interestingly, before the CIA/BND deal, the French attempted to secretly buy the company and do the exact same thing.