A Few Thoughts on Cryptographic Engineering: On the NSA

A Few Thoughts on Cryptographic Engineering: On the NSA: If you haven’t read the NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:

• Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
• Influencing standards committees to weaken protocols.
• Working with hardware and software vendors to weaken encryption and random number generators.
• Attacking the encryption used by ‘the next generation of 4G phones’.
• Obtaining cleartext access to ‘a major internet peer-to-peer voice and text communications system’ (Skype?)
• Identifying and cracking vulnerable keys.
• Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
• And worst of all (to me): somehow decrypting SSL connections.
• All of these programs go by different code names, but the NSA’s decryption program goes by the name ‘Bullrun’ so that’s what I’ll use mostly use here.