Why You Can't Trust Government Provided Cryptography

by @edent | # # # # | 1 comment | Read ~102 times.

You should visit Bletchley Park. Seriously. It's the most amazing museum - dedicated to the wartime effort to crack Enigma; the Nazi cryptographic machines.

The tour guides of Bletchley Park are full of fascinating stories. They can tell you how all the primitive computers work, about the history of each building, they know all the curious little facts which make visiting the park an absolute joy.

There's one story in particular that I never tire of hearing.

By 1945, Turing's computers were able to decrypt Enigma transmission within 48 hours - it was thoroughly broken. After the war, the British had captured thousands of working Enigma machines. What on Earth could they do with them? The answer was simple. Sell them to our Allies as "The Uncrackable Enigma!"

And, indeed, they did. The British Government sold cryptographic devices to their allies even though the British knew that the cryptography was fatally compromised.

I presume that for the next few years, the British Government were able to spy on the world. Listening in on all the high level discussions they could.

In 2007, the security expert Bruce Schneier asked "Did NSA Put a Secret Backdoor in New Encryption Standard?"

Cryptography experts were worried that the American National Security Agency were promoting a new encryption standard which was potentially crackable by the US Government.

The US Government had taken a leaf out of the UK's book, so it seemed, and had encouraged the world to use insecure cryptography.

This has been going on for decades.

One thought on “Why You Can't Trust Government Provided Cryptography

  1. > This has been going on for decades.

    Indeed - your younger readers may not know that up until October 1996, the US Government considered encryption systems using a key length greater than 40 bits "munitions" and barred their export.

    Ironically, this meant that DVDs could only be "protected" using 40bit encryption, which by 1999 a desktop PC could be crack within a day.

    Further reading:
    http://www.washingtonpost.com/wp-srv/politics/special/encryption/encryption.htm
    http://epic.org/crypto/export_controls/interim_regs_12_96.html
    https://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#PC_era

Leave a Reply

Your e-mail address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.