In message <[EMAIL PROTECTED]>, Adam Shostack writes:

> | I suspect his security experts realized that export controls were 
> | ineffective in keeping crypto out of the hands of bad guys and that 
> | the DOD was suffering because the commercial products on which it 
> | depends lack strong security.
> 
> To pick a nit, strong crypto will not solve a large number of the
> security problems we possess today.  It will make a class of attacks
> harder, but not the easiest class, which is to exploit flaws in
> software and configuration to bypass controls.

You're both right.

First, it's quite correct that crypto won't solve most problems.  Last year, I 
analyzed all of the CERT advisories that had ever been issued.  85% described 
problems that cryptography can't solve.  To give just one example, 9 out of 13 
advisories last year concerned buffer overflows -- and 2 of the remaining 4 
described problems in crypto modules.

That said, the problems that are solvable with cryptography -- sniffers, 
sequence number guessing, etc. -- are very important ones.  DoD machines --
and, perhaps more importantly, vital private-sector computers -- use
off-the-shelf hardware and software.  (Remember the battle cruiser run by NT?) 
To the extent that these machines are vulnerable because of the lack of 
crypto, national security suffers.  There are lots of folks in the Pentagon 
who understand this.

One last point -- there is no one "government" view.  The government is 
composed of many individuals and many agencies; they each have their own 
agendas.  Sure, the SIGINT folks and the FBI want weak crypto, because it 
makes their jobs easier.  Other folks are more concerned with, say, keeping J. 
Random Terrorist from getting to the power grid (see Operation Eligible 
Receiver for details).  For that matter, there are people in the government 
who want American companies and non-DoD government agencies to be able to keep 
data secret from the prying eyes of pick-your-least-favorite-foreign-
government.

                --Steve Bellovin

