Jump to content
Tuts 4 You

Opening Discussion: Speculation on "BULLRUN"...


Teddy Rogers

Recommended Posts

Opening Discussion: Speculation on "BULLRUN"

Speaking as someone who followed the IPSEC IETF standards committee pretty closely, while leading a group that tried to implement it and make so usable that it would be used by default throughout the Internet, I noticed some things:
 
  *  NSA employees participted throughout, and occupied leadership roles
     in the committee and among the editors of the documents
 
  *  Every once in a while, someone not an NSA employee, but who had
     longstanding ties to NSA, would make a suggestion that reduced
     privacy or security, but which seemed to make sense when viewed
     by people who didn't know much about crypto.  For example, 
     using the same IV (initialization vector) throughout a session,
     rather than making a new one for each packet.  Or, retaining a
     way to for this encryption protocol to specify that no encryption
     is to be applied.
 
  *  The resulting standard was incredibly complicated -- so complex
     that every real cryptographer who tried to analyze it threw up
     their hands and said, "We can't even begin to evaluate its
     security unless you simplify it radically".
 
 
Ted.
  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...