[dogma1138]

Damage security? They didn't damage the security of the products because of this, if anything you should take of is just how easily these products can be compromised in such manner.

All the NSA did is to steal keys which they can then use to interdict cellular communications, it's not like they put in a weakness by design and then exploited it (which they might have done in other operations but that's a completely different story).

This thing is no different than the digital signatures on the driver used by Stuxnet ("oddly enough" both companies which were compromised were in the same industrial park just a across of a shared parking lot from each other ;)).

Sadly this level of operation is plausible to be committed not only by private intelligence agencies (which we had too many off already) but by crime organizations as well. I've seen case of corporate espionage which were more complex than this one.

Instead of huffing and puffing at the NSA the proper lesson to learn from this is that cellphone carriers should stop relying on SIM card manufacturers in China and India for their encryption.

Heck if the NSA can interdict equipment in transit to tamper with it, how hard would you think does the Chinese intelligence service has to work to go down the street and just demand the keys straight from the source?

It's about a good damn time that people start asking questions on who has access to the private keys which are used in so many day to day operations from the keys used to authenticate your cable modem to the keys in the card reader you swiped your card trough at your local coffee shop. The answer to this should force quite a few people to live in a hunting lodge in Montana for sure.

I in fact would be very surprised to find a single mass used commercial cryptosystem which is actually secure. Because which each and everyone of those the keys to the castle end up being in the hands of the lowest paid employees out there and business practices will always force availability and serviceability over security.

[istvan__]

Everything can be compromised. It is just a matter of enough resources(money really). Finding a security bug and actively using it and do not expose it publicly is kind of damaging security because the bug can be used by other organizations as well. Writing Stuxnet is an entire different level. Actively deploying backdoors and compromise entire networks just to get to the target is a lot of collateral damage. Isn't it?

Actually there were certain projects got pushed back like the IDEA from ETH Zurich or ECC from University of Washington and other potentially vulnerable alternatives were promoted. ECC btw. is pretty strong for a very long time, even today, if you don't use the backdoored version...

http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A...

[dogma1138]

Eh? the NSA didn't pushed IDEA out, what pushed it is the fact that besides being actually substantially (esp. since 2013) less secure than AES and with poorer performance is that IDEA was a registered trademark and was under a full patent which meant implementing (prior to the patent expiration in 2012) was a nightmare.

I also hope that you don't insinuate that ECC was "invented" by UW since elliptic curve cryptography was known for quite a long time.

By the backdoor I assume you mean the whole NIST curves fiasco, well besides the fact that it was in use almost no where, if you speak to actual mathematicians you'll find out that it wasn't a big deal. The NIST curve was more about performance enchantment than backdooring, altough sadly for NIST and for the NSA it failed at providing both.

The big problems with ECC is that it's extremely susceptible to side channel attacks especially in embedded implementations, and that if you have the capability to use quantum computing for cryptanalysis then to break ECC you'll need only about 25-50% of the compute time/power than you would need to break RSA.

Also since ECC is asymmetric and quite resource consuming it's not really used in encryption as much as you think, sure it's good in any situation where you can use PKI but PKI is rarely used to encrypt actual data. The common uses of PKI are for authentication and initial key exchange data encryption whether it's in rest or in motion is usually based on symmetric encryption.