Hacker News Comments on
Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age
·
8
HN comments
- This course is unranked · view top recommended courses
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this book.There's a very amusing epilogue in Steven Levy's "Crypto" [0] about the fact that either RSA or Diffie-Hellman (I've forgotten which) was in fact known to the intelligence services for 10+ years prior to its re-discovery among public researchers. These are people who are very good at keeping secrets.[0] https://www.amazon.com/Crypto-Rebels-Government-Privacy-Digi...
⬐ schoenhttps://en.wikipedia.org/wiki/Public-key_cryptography#Classi...Both, but neither for as long a period of time beforehand as you remember.
⬐ _dpsAha! Good correction, thank you. I must have been remembering how long the discovery remained classified, not how long it predated the public discovery.
Public Key crypto was discovered by GCHQ (and then given to the NSA) several years before it was publicly discovered by Diffie-Hellman and RSA. I think this was to avoid having to have the symmetric keys under armed guard. The public discovery is also what kicked off the 'crypto wars'. I'd be surprised if modern nation state intelligence communities found symmetric encryption sufficient.A lot of interesting information about the history I learned from Steven Levy's crypto: http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...
⬐ mindslightOh yeah, I'd forgotten about Cocks. Blame my selective memory for withholding credit from people who don't share.Spooks would of course welcome any discovery, and asymmetric crypto does solve problems for them (getting government crypto distributed as wide as possible). I am saying purely symmetric is "sufficient" for their core functionality - the communications that really need to be secret. Coupled with the head start before asymmetric was even discovered, that is where their focus is going to be.
Put another way: if you were in charge of securing communications and had to prioritize resources, would you rather research a trustworthy asymmetric algorithm or a trusty symmetric algorithm? Likewise if you wanted to snoop on others' communications, would you prioritize breaking symmetric or asymmetric techniques?
The history of crypto in the US is actually much more interesting than that and for a time exporting any crypto tools was a felony (exporting munitions).Steven Levy's book goes into pretty good detail about this: http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...
At the time the NSA was not pleased about the release of DES and was also very concerned about PGP. There were attempts at laws requiring key escrow available to the NSA among other restrictions on foreign key size etc. It wasn't really until the late nineties that this stopped. For a time they would probably have liked to ban all citizen encryption all together, but it became obvious that this couldn't be enforced (and it's necessary for things like e-commerce).
A lot of early crypto based patents and research were retroactively classified - there was a big historical legal battle to get things where they are today.
The definitive account is Steven Levy's book "Crypto":http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...
The answer is simple - everyone is being spied on. Not to tinfoil hat the issue but: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/ EEEVVERYONEIf you want to really get a feel for the situation, read Crypto: http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit... It's a book about how cryptography was finally accepted and allowed in the U.S., and how the NSA handled the growth of everyday crypto (hint: not without a fight).
It's not about a government agency trying to control everything and turn the U.S. into 1984, it's about an agency getting swept up in their own mission of secrecy and surveillance, and sometimes (in my opinion) using it as an argumentative technique to advance their agenda. This is just another obvious example of that.
I highly recommend In the Plex to anyone on Hacker News interested in tech folklore. I'm sure even Googlers would find stories they hadn't heard before. The story of Google is an epic story fit for Homeric interpretation.Steven Levy also wrote the excellent Crypto which covers the emergence of strong public cryptography. It is not a story of accidental discovery, but about active sabotage by the NSA and perseverance by a number of visionaries like Whit Diffie and Martin Hellman working under the radar and outside the mainstream.
http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...
⬐ cschmidtI'm reading In the Plex right now. It is worth reading, however it doesn't have the same spark has Steven Levy's classic book Hackers.http://www.amazon.com/Hackers-Heroes-Computer-Revolution-Ann...
I really enjoyed this book:"Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age"
http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...
Doesn't really teach crypto methods, but it gives a solid (and interesting) lesson about the history and thinking behind cryptology. A good read even if you're not a developer, IMHO
Probably not exactly what you're looking for, but anyone who worked on cryptography back in the 1970s (and who wasn't working for their government) was being fairly subversive. Steven Levy wrote a great book about the people involved called Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age. http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...
⬐ drawkboxAnother recent one is PGP encryption. Read about Phil Zimmerman's decade of fun with the DOJ for creating it and not allowing a NSA backdoor.http://www.philzimmermann.com/EN/faq/index.html
I have done some crypto work for financials and trust me if you aren't using an RSA algorithm then you get lots of questions and notice.
The NSA can neither confirm nor deny that they have trapdoors/backdoor access into RSA encryption. But if you don't use it they get very anxious to know what you are up to. http://www.rsa.com/rsalabs/node.asp?id=2316
As the premier cryptographic government agency, the NSA has huge financial and computer resources and employs a host of cryptographers. Developments in cryptography achieved at the NSA are not made public; this secrecy has led to many rumors about the NSA's ability to break popular cryptosystems like DES (see Section 3.2), as well as rumors that the NSA has secretly placed weaknesses, called ``trapdoors,'' in government-endorsed cryptosystems. These rumors have never been proved or disproved. Also the criteria used by the NSA in selecting cryptography standards have never been made public.
They came down on Zimmerman to help dissuade others from creating more encryption algorithms. This could be because they have control over others or they simply want to limit the resources needed to break each type of encryption.