From: catalyst-remailer@netcom.com
Date: Mon, 27 Jun 94 08:59:03 PDT
To: cypherpunks@toad.com
Subject: Re: Is the NSA really competent?
Message-ID: <199406271559.IAA12568@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> I think that this message betrays a serious misconception that a number of
> people likely share, and that has to do with the levels of security offered by 
> commercial versus military methods.

I think that this reply betrays a serious lack of reading competence.  The
breakthroughs cited were the most important  breakthroughs in the 
science of cryptography, period.  There are no branches of mathematics
called "military" and "commercial".  The techniques have both
military and commercial application.  There is no evidence that the NSA 
knows about _any_ fundamental technique that has not been published 
in the literature.  Nor is there any evidence (save the hearsay about
S-boxes, which were actually developed at IBM) that they have made
any major contribution to the science of cryptography, despite the
massive resources they throw into it.  But they do want to preserve their 
jobs, so they would like you to think they do.  Their ability to drop 
hints here and there without having to demonstrate they actually know 
anything, to make people believe that Skipjack is an "advanced" algorithm 
without having to actually publish it, in general their ability
to use their top secret status for the purpose of selective
revelation, is perfectly suited to this kind of PR. 

Thus they can claim to "contribute to American competitiveness" by
releasing Skipjack, an algorithm for which there is _not even
any evidence that it is stronger than DES_, much less state of
the art algorithms like IDEA.  This has the actual efffect
of shooting the American computer security industry in the balls,
while making Congress believe they are helping it.

Note that I am _not_ accusing the NSA of political incompetence.
Any organization that can get a Congressional intelligence committee
to vote its way 13-0, that can keep pushing a warmed-over DES
crippled with a last-minute Rube Goldberg version of key escrow,
in the face of 70% public opposition (and nearly unanimous and quite
vocal opposition in the hi-tech industries) is no political slouch.  
Any organization that can increase their budget after their mission
has gone away, knows the ropes in D.C.  They are simply much better 
lobbyists than cryptographers.

> integration style 'one shot' systems for military use created a number of 
> companies, such as the Honeywell Secure Computing Technology Center, as well as 
> a number of DARPA funded groups such as Cray and Thinking Machines.

Of course with their budget, they can buy lots of slick hardware.  
That doesn't mean they know how to use it well.

Let's face it, our awe of NSA stems entirely from their budget
and their ability to stamps their incompetence top secret.