This is what I was thinking of
"The documents show that the agency has already achieved another of the goals laid out in the budget request: to influence the international standards upon which encryption systems rely.
Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006." http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-secur...
I remember someone saying that there was an "open" standard being targeted in this way and I just put two and two together. It didn't seem possible for them to be the sole editor of a closed standard in this way, but maybe a weird "open" one I could see them targeting. It's all a bit over my head. Is this the same thing you two were referring to?
A x
On 25/10/13 14:16, Sam Tuke wrote:
On 25/10/13 15:10, Sam Tuke wrote:
Yes indeed. I just dug up some articles:
http://www.theregister.co.uk/2013/09/23/rsa_crypto_warning/
https://www.schneier.com/essay-446.html
Also: https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929
The solutions are pretty easy though - stop using RSA (most FS products already did this some time ago afaics), and use longer key lengths with elliptic curve cryptography (sort of obvious in the first place, but developers need to take note).
Best,
Sam.