Comment by throwaway654329
3 years ago
You are not accurately reflecting the history that is presented in the very blog post we are discussing.
NSA made DES weaker for everyone by reducing the key size. IBM happily went along. The history of IBM is dark. NSA credited tweaks to DES can be understood as ensuring that a weakened DES stayed deployed longer which was to their advantage. They clearly explain this in the history quoted by the author:
“Narrowing the encryption problem to a single, influential algorithm might drive out competitors, and that would reduce the field that NSA had to be concerned about. Could a public encryption standard be made secure enough to protect against everything but a massive brute force attack, but weak enough to still permit an attack of some nature using very sophisticated (and expensive) techniques?”
They’re not internally conflicted. They’re strategic saboteurs.
>IBM happily went along. The history of IBM is dark.
Then, as of now, I'm confused why people expect these kinds of problems to be solved by corporations "doing the right thing" rather than demanding some kind of real legislative reform.
Agreed. It can be both but historically companies generally do the sabotage upon request, if not preemptively. This hasn’t changed much at all in favor of protecting regular users, except maybe with the expansion of HTTPS, and a few other exceptions.
Libertarian and capitalist propaganda. The answer is always a variation of “if you don’t like it, don’t buy it/let the market decide.” Even if the “market” heads towards apocalypse.
Is there a third option beyond government and corporations?
> "NSA credited tweaks to DES can be understood as ensuring that a weakened DES stayed deployed longer which was to their advantage. They clearly explain this in the history quoted by the author"
I'm not sure I buy that this follows, wouldn't the weakened key size also make people not want to deploy it given that known weakness? To me it reads more that some people wanted a weak key so NSA could still break it, but other people wanted it to be stronger against differential cryptanalysis attacks and that they're not really related. It also came across that way in Levy's book where they were arguing about whether they should or should not engage with IBM at all.
It follows: entire industries were required to deploy DES and the goal was to create one thing that was “strong enough” to narrow the field.
Read the blog post carefully about the role of NBS, IBM, and NSA in the development of DES.
It’s hard to accept because the implications are upsetting and profound. The evidence is clear and convincing. Lots of people try to muddy the waters, don’t help them please.
They had a privately known way to weaken DES that effectively shortens the key length. They could have pretended to allow a longer key length while secretly retaining their privately known attack that lets them shorten it (without also acting to strengthen DES against it). They knew this in the 70s 20 years before it would become publicly known. They actively strengthened DES against this while not revealing the exploit. Doing this secretly doesn't narrow the field (doing it publicly might have), it's also inconsistent with their argument for short keys.
I read the blog post and I've read a lot about the history of this - what you're saying isn't really convincing. Often people I mostly agree with, maybe 90% just take it to the extreme where everything must fit their world view 100%. Rarely imo is that the case, often reality is more mixed.
If they’re related maybe they wanted DES to be strong so they could use it, but wanted the public to only have access to short keys so they could also break the public's use of it. Still, it's interesting they didn't leave in a weakness they could exploit secretly despite a longer key size.
edited for clarity
2 replies →