Hacker News new | ask | show | jobs
by damarquis 4736 days ago
Anonymous sources might be supplying real information but they could also be trying to manage beliefs.

Undoubtedly the NSA is ahead of everyone else in cryptanalysis but I think it is also advantageous for the NSA to have foreign governments think the NSA has a bigger lead than they actually do. This belief would cause foreign governments to use larger key sizes, and so drive up their costs, or switch to less well tested encryption methods that the NSA might be able to break.
1 comments
jlgaddis 4735 days ago
> ... but I think it is also advantageous for the NSA to have foreign governments think the NSA has a bigger lead than they actually do.

I would think it is more advantageous for the NSA to have others believe that it has less capabilities than they actually do.

The NSA is well known for its disinformation campaigns. Why wouldn't they try to make others (governments, end users, etc.) believe that they don't have the ability to break various key sizes.

This could provide a false sense of security to others and cause them to believe that, for example, a 2048-bit PGP key is more than sufficient when, in fact, it isn't.

link
damarquis 4735 days ago
I'm not arguing that there aren't situations where then spreading the belief that their capabilities are less than actual would be a good thing. If the goal is to break a specific subset of all encrypted messages then this is exactly what they would want.

But there are also situations where they would want the opposite. For example, suppose the NSA has no advantage in breaking RSA over public knowledge, but can easily break NTRU and their goal is to read as many encrypted messages as possible. Then if they can get everyone to believe they can break RSA but not any cryptosystem based on lattices then some people will switch to NTRU. Now its much cheaper for the NSA to achieve their goal of breaking lots of encrypted messages since they have a very efficient algorithm for reading NTRU encryptions.

(This belief could be spread simply by having an "anonymous but very senior" official talk to Wired about how the US government has made a major step towards building the first scalable quantum computer)

In short, what they should want the world to believe depends on their capabilities and goals. Without knowing those anything is possible.

link