1995-09-20 - Re: NSA and Netscape Crack

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: c49e62d490a26611dfdc59a4155c70f8e502cded01cdfad1fb57cb088c8ba39d
Message ID: <ac84fbf926021004d2c2@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-09-20 06:02:05 UTC
Raw Date: Tue, 19 Sep 95 23:02:05 PDT

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Tue, 19 Sep 95 23:02:05 PDT
To: cypherpunks@toad.com
Subject: Re: NSA and Netscape Crack
Message-ID: <ac84fbf926021004d2c2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 PM 9/19/95, Jim Ray wrote:

>In the relatively short time I've been on this list, Cypherpunks
>have bruted, and then found a weakness in, two kinds of Netscape
>software.
>[A fine public service, IMO. Congrats to all involved.]
>
>I don't expect to know NSA's specific brute-force capability, but
>does anyone know if the NSA has *ever* found a glaring weakness in
>software and then told its author(s) or owner(s) about it? Do "we"
>perform the "COMSEC" role Tim was speaking of better than the NSA?

Indeed, Jim is underscoring the point I was making, facetiously, that the
NSA has abandoned all pretense of helping to actually secure commercial
transactions (and no, I wasn't referring to Clipper...rather, I was
facetiously referring to the short-lived Commercial COMSEC Endorsement
Program, circa 1988-89).

As I said in my message, I don't _want_ the NSA or NIST (the same, really)
to be vetting commercial encryption. But I also don't want them claiming a
role in securing commercial encryption when they clearly are not even doing
as much as the Cypherpunks are doing.

By the way, if we count our own Matt Blaze's work on exposing weaknesses of
the Tessera/Skipjack/Clipper (they blur together) card as a "Cypherpunks
achievement," then the Cypherpunks have actually played a dominant role in
cracking these recent standards. (Not to mention the RC4 code postings, the
various Cypherpunks involved in the RSA-129 and "BlackNet" factorizations,
etc.)

Well done, of course!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."







Thread