Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Encryption Security Technology

NSA Turns To Commercial Software For Encryption 264

Posted by simoniker from the chinese-government-buys-certicom dept.
Roland Piquepaille writes "According to eWEEK, the National Security Agency (NSA) has picked a commercial solution for its encryption technology needs, instead on relying on its own proprietary code. "The National Security Agency has purchased a license for Certicom Corp.'s elliptic curve cryptography (ECC) system, and plans to make the technology a standard means of securing classified communications. In the case of the NSA deal, the agency wanted to use a 512-bit key for the ECC system. This is the equivalent of an RSA key of 15,360 bits." This summary includes the NIST guidelines for public key sizes and contains more details and links about the ECC technology. Since the announcement, Canadian Press reports that Certicom's shares more than doubled in Toronto."
This discussion has been archived. No new comments can be posted.

NSA Turns To Commercial Software For Encryption More

NSA Turns To Commercial Software For Encryption

Comments Filter:

  • OSS ECC? ECC vs AES (Score:0, Interesting)

    by draziw ( 7737 ) * on Sunday October 26, 2003 @12:33PM (#7313832) Journal
    Are there any OSS projects that support elliptic curve cryptography? What makes ECC so much better vs AES with a key size of 256?

    --
    Have you sent a check to SCO today?

  • What about license abuse? (Score:3, Interesting)

    by MongooseCN ( 139203 ) on Sunday October 26, 2003 @12:36PM (#7313841) Homepage
    What if a company is suspicious of the NSA not following the license it was given? It's not like the government is going to let a commercial company into the NSA to audit all its computer systems. I suppose it will all be done on the honor system.

  • Re:FINALLY ... (Score:2, Interesting)

    by Egonis ( 155154 ) on Sunday October 26, 2003 @12:44PM (#7313874)
    I am from Mississauga, Ontario - where Certicom resides, and am feeling two emotions:

    - I am happy to see a local business score a large contract in my hometown
    - I am confused as to how the American Government ever approved a purchase of an external Intellectual Property

    I'm sure alot of Americans will have disagreements on this one!

  • If true it sends a signal. No quantum computer now (Score:2, Interesting)

    by j_dot_bomb ( 560211 ) on Sunday October 26, 2003 @12:45PM (#7313879)
    If true it sends a signal. They currently dont have a quantum computer (and therefore expect no one else does or will in a reasonable amount of time). However I do remember seeing a standard created to do a form of digital signatures only with conventional encryption (which is not in general "breakable" by quantum computers like "hard problem" public key cryptography).

  • This isn't an issue of "open" vs "closed" (Score:3, Interesting)

    by NotQuiteSonic ( 23451 ) on Sunday October 26, 2003 @12:50PM (#7313906) Homepage

    The algorithm they used is patented and very much open for criticism. It would need to be fore NSA to choose it. Think of it like RSA where the algorithm was patented as well (many open source applications use RSA now, since the license has expired).

    Dr. Scott A. Vanstone [certicom.com] is a professor at University of Waterloo, so it is kind of neat to see one of my profs in the news (I knew about the company, but they haven't had much going for them for a while). He teaches Coding Theory (CO 331 [uwaterloo.ca]) and is the Executive Director of Centre for Applied Cryptographic Research [uwaterloo.ca]

  • Re:Privatization (Score:3, Interesting)

    by Anonymous Coward on Sunday October 26, 2003 @01:07PM (#7313979)
    Hypothetical:

    You're the premiere intelligence agency in the world. When you need to secure data, you use algorithms that nobody else in the world knows about, designed in secret by some of the greatest mathematical geniuses there are.

    When you need to secure an email you're sending to someone not in the agency, you can't (not to mention don't) use your hidden good stuff, because the recipient doesn't have the algorithm. So, you use something publicly available.

  • Re:FUD (Score:3, Interesting)

    by AKnightCowboy ( 608632 ) on Sunday October 26, 2003 @01:31PM (#7314082)
    PS. I could be wrong, but from the article it seems that "intellectual property" and "This is the first time that the NSA has endorsed any sort of public-key cryptography system." that they are not actually lisencing software but are in fact lisencing the cryptosystem. If I am wrong, I humbly apologize.

    Well, before they just used it and didn't bother asking for permission. This isn't that big of a deal. The only thing out of the ordinary is they asked before using it. Nothing is stopping the NSA from ignoring a license for anything. Who are you going to call, the BSA to battle the NSA? Licensing applies to corporations and individuals.. governments can choose whether to obey them or not. We'd like for them to obey them, but who watches the watchers?

  • So this means there's no easy way to break ECC... (Score:3, Interesting)

    by Urkki ( 668283 ) on Sunday October 26, 2003 @02:14PM (#7314253)
    ...known to NSA I mean. Why would they license it if they knew of some weakness in it...

    Hmm...

    Or maybe there *is* a suble weakness, leading to an "easy" way to break ECC. And NSA is licensing this to give it undue creidibility, so more people start using it, while NSA can easily (compared to RSA or whatnot) read everything encrypted with it...

  • Re:Size of key (Score:3, Interesting)

    by bluGill ( 862 ) on Sunday October 26, 2003 @02:56PM (#7314401)

    You don't brute force either system. Useing the best known mythods to break encryption today (which in the case of both RSA and ECC is not brute force) breaking a 512 bit ECC key is about the same effort of breaking a 15360 bit RSA key. Note that breaking a 512 bit symetric key (something like AES, blowfish, modified to use a 512 bit key) is more effort than breaking either one.

    I'm not sure I belive the difference is that great. RSA type encryption has had a lot of effort put into breaking it, ECC gets less attention (though it is getting more). If ECC got as much attention as RSA did from the mathamatical world, the difference in efforts to break them would be a lot closer.

    Note that both ECC and RSA are NP-complete, meaning that if there is a generic way to break one, in essentially no time (no matter how big the key is), that algorythm can be easially modified to break the other. There is a lot fo debate in CS about such problems and if such an algorythm exists. Anyone using either must be aware that there is no proff that you can't break it trivially.

  • Re:Huh? (Score:3, Interesting)

    by Ogerman ( 136333 ) on Tuesday October 28, 2003 @04:40PM (#7331883)
    However, I'm not sure that I'd go so far as to say anything mathematical shouldn't be patentable. In particular, this is an application of mathematics, not just pure math. I don't think you can come up with a new way to solve a pure math problem, or a new way of expressing an equation, and get a patent on it. ... We could argue that ECC is a discovery rather than an invention just as easily as we can for any other technological advancement.

    The difference is that patents on mathematical techniques or software algorithms are a distinct limitation of free speech, whereas patents relating to physical inventions are only a limitation of manufacturing rights. Ultimately, it could be argued that all invention has a mathematical basis, but software patents are unique in that they are unembodied. Because anyone can create software, software patents directly infringe on personal freedoms, in the same way that patents on literary style would.

Slashdot Top Deals

"Experience has proved that some people indeed know everything." -- Russell Baker

Close