Conversation

What I don't understand is why they would take such a complicated approach focused on trying to backdoor cryptography primarily intended for use by the US government rather than others. No one in their right mind is using FIPS, etc. unless forced to do it for that.
I thought it was farfetched too. And then I found out that *every* product that used RSA BSAFE, the most popular crypto library of that time period, had exploitable Dual EC enabled by default. I also found out that every Juniper NetScreen firewall sold after ‘08 did too.
I'm just a lot more inclined to believe they're severely incompetent and ended up pushing sketchy cryptography primarily for usage by the US government and US government contractors while damaging the reputation of US companies and their own.
Regardless of their motivation they damaged the reputation, economy and national security of the US while burning tons of money as usual. I'm pretty skeptical about their ability to keep something of this scale secret, at least if the people doing it understood the purpose of it.
Not saying that they haven't subverted cryptography but rather this seems overly elaborate along with it being openly tied to them from the start and primarily aimed at US government / contractor usage. I'm more inclined to believe they'd sneak a backdoor into OpenSSL than this.
I’ve been down every road and at the end of every road there is evidence of a crime. Did a crime occur? I think so. Did Margaret Salter commit it? I don’t know. Her name is on one of the (metaphorical) guns used to commit the crime. My goal is to surface this. End story.
> Did Margaret Salter commit it? I don’t know. Her name is on one of the (metaphorical) guns used to commit the crime.

And I agree with you on that. It doesn't look good for her. It feels seriously wrong sending a mob after her based on what's known about it though. That's all.