by mike_d
1941 days ago
> Crypto AG had their cryptographer employees continually find security flaws only to have upper management tell them to work on something else

I would be very interested if you could share accounts of this happening.

From the declassified documents I have studied, the Crypto AG "backdoor" consisted of misleading customers that less complex models (with smaller keys) would be suitable for their communications, working with the NSA to word end-user documentation in a way that makes it unclear how important specific settings are, and providing technical designs to the NSA for review.

At no point do I believe there was a security flaw that an employee would have found that would have compromised the operation, since it was simply a series of steps that weakened the strength of the encryption from "mathematically impossible" to "requires a purpose-built supercomputer." This route provided plausible deniability to everyone involved (remember that other cryptographers also evaluated Crypto AG products and would work to secretly exploit any flaws they found "for the bad guys").

Interestingly, before the CIA/BND deal, the French attempted to secretly buy the company and do the exact same thing.