Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Encryption Networking

TCP/IP Might Have Been Secure From the Start If Not For the NSA 149

Posted by Soulskill from the another-lash-for-the-whipping-boy dept.
chicksdaddy writes: "The pervasiveness of the NSA's spying operation has turned it into a kind of bugaboo — the monster lurking behind every locked networking closet and the invisible hand behind every flawed crypto implementation. Those inclined to don the tinfoil cap won't be reassured by Vint Cerf's offhand observation in a Google Hangout on Wednesday that, back in the mid 1970s, the world's favorite intelligence agency may have also stood in the way of stronger network layer security being a part of the original specification for TCP/IP. (Video with time code.) Researchers at the time were working on just such a lightweight cryptosystem. On Stanford's campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described the functioning of a public key cryptography system. But they didn't yet have the algorithms to make it practical. (Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977). As it turns out, however, Cerf did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren't they used? The crypto tools were part of a classified NSA project he was working on at Stanford in the mid 1970s to build a secure, classified Internet. 'At the time I couldn't share that with my friends,' Cerf said."
This discussion has been archived. No new comments can be posted.

TCP/IP Might Have Been Secure From the Start If Not For the NSA More

TCP/IP Might Have Been Secure From the Start If Not For the NSA

Comments Filter:

  • That's funny (Score:2, Informative)

    by Anonymous Coward on Friday April 04, 2014 @04:08PM (#46664439)

    We used to use telnet, ftp and uucp, those weren't secure or encrypted.

    The internet used to be open and free, owned by no one.

    It's a stretch to think they wanted to do encryption from the start.

  • Re:Flamebait (Score:5, Informative)

    by ShanghaiBill ( 739463 ) on Friday April 04, 2014 @04:23PM (#46664603)

    the world's favorite intelligence agency may have also stood in the way of stronger network layer security

    But that is misleading. The NSA did not "stand in the way". The just declined to help. That is not the same thing.

  • Re:Flamebait (Score:5, Informative)

    by Anonymous Coward on Friday April 04, 2014 @04:34PM (#46664703)

    It also at the time would be been considered a state secret. Until the late 90s publishing any of a huge number of crypto tools to the international community was illegal. So even if he had permission to publish this research to the US, it couldn't be given out internationally. That's not the "NSA"s decision, that's was much higher up than them.

  • Just in case anybody's forgotten (which they have) (Score:4, Informative)

    by mmell ( 832646 ) on Friday April 04, 2014 @05:27PM (#46665085)
    There were individuals and organizations back in the seventies and eighties that got in trouble with the US Government for writing and publishing software that used strong encryption. The problem was that the published code was visible from outside the US and ran afoul of ITAR regulation (citation: check the history of PGP). Incorporating strong encryption in TCP/IP would have made its use and adoption subject to US ITAR regulation.

  • Re:Flamebait (Score:2, Informative)

    by Anonymous Coward on Friday April 04, 2014 @06:51PM (#46665695)

    The research existed, Cerf had access to it, but they didn't allow it to be used.

    The research would not have existed if not for the NSA. So how might TCP/IP have been secure from the start if not for them?

Slashdot Top Deals

"I've seen it. It's rubbish." -- Marvin the Paranoid Android

Close