1. Kingdmen's Avatar


    Finally, I understand what they mean when they talk about encryption and "back doors"...not what I thought it was.

    Super interesting. I guess what BlackBerry means when they say they don't have a backdoor is that the distance between P and Q on the elliptical curve is not known, even by BlackBerry itself. Thus, it's truly a random encryption every time. It also makes sense now when people talk about using "brute force" to decrypt things. They mean going through all the possible number variations that can exist, which takes a lot of time and computing power.

    It all makess seeennnssseee. I suggest you watch. Numberphile is awesome.

    Posted via CB10
    12-23-13 10:53 PM
  2. Omnitech's Avatar
    Finally, I understand what they mean when they talk about encryption and "back doors"...not what I thought it was.

    Super interesting. I guess what BlackBerry means when they say they don't have a backdoor is that the distance between P and Q on the elliptical curve is not known, even by BlackBerry itself. Thus, it's truly a random encryption every time. It also makes sense now when people talk about using "brute force" to decrypt things. They mean going through all the possible number variations that can exist, which takes a lot of time and computing power.

    It all makess seeennnssseee. I suggest you watch. Numberphile is awesome.

    That's an interesting video, and the professor is unquestionably very qualified in the mathematical field, but unfortunately it vastly mischaracterizes the whole issue of "how did the NSA hack our emails"?

    First of all, what Edward Frenkel is specifically focusing on here is a random number generator algorithm which is well known to be flawed; it's been known for years now that it doesn't produce reliably random numbers.

    The interesting thing is that despite this known flaw, NIST pushed heavily to include this algorithm in the standards recommendation for random number generators. In recent years it has become a subject of some controversy, but only since Snowden's revelations was it clear that it was almost guaranteed that NSA's pressure on NIST to "push" this form of random number generation had a nefarious motivation.

    In most cases, DUAL_EC_DRBG, as it is commonly referred to, is not used as a default random number generation protocol. In the case of Microsoft Windows, DUAL_EC_DRBG was included as an optional PRNG starting with Windows Vista, but it was not the default choice.

    Since the Snowden revelations most security infrastructure vendors (including high-profile companies like RSA Security LLC) have started telling their customers to avoid DUAL_EC_DRBG because it seems so likely to be a weak encryption component.

    More significantly, the ways that the NSA has gained access to confidential data on citizens without the knowledge or consent of the citizenry or their digital service providers encompass a variety of techniques, only one of which (and a fairly insignificant one, in my view) relates to DUAL_EC_DRBG. The various methods include secret legal demands to turn over records on users ("PRISM"), snooping on private data connections between private data centers, tapping into undersea fiber optic cables to capture and monitor global communications, monitoring of wireless transmissions (using classified systems such as "ECHELON"), infiltration of technology vendors and insertion of weaknesses into their products' security functionality (some of this was done openly - i.e. demanding that some equipment being sold by Cisco to a customer in China include secret snooping features), and even disseminating customized computer viruses designed to compromise computers, gain access to secret data, and send that data back to the NSA (i.e. "STUXNET").
    12-23-13 11:48 PM
  3. Omnitech's Avatar
    I updated that last post about 10 times since I originally posted it so if anyone is quoting it in a response you may want to get a 'fresh' copy.
    12-23-13 11:55 PM
  4. RSam's Avatar
    Please watch the follow-up video (linked to under the first one):



    In this video, Frenkel talks about the 2007 document by two Microsoft researchers who discovered the problem, and says that this backdoor was "one of the tools" used by NSA.
    12-24-13 12:50 AM
  5. Omnitech's Avatar
    I guess what BlackBerry means when they say they don't have a backdoor is that the distance between P and Q on the elliptical curve is not known, even by BlackBerry itself. Thus, it's truly a random encryption every time.

    In regards to "not knowing encryption keys", this is correct and BlackBerry cannot give the government the encryption keys of their customers (and allow the government the ability to trivially snoop on their customers' data), because those keys are under the control of their customers and not BlackBerry, and BlackBerry makes a strong point that there are no "backdoors" in their products.

    However - and since you didn't specifically reference it I'm not sure if you realize this - the company most closely associated with the technology of Elliptic Curve encryption was a company called Certicom - and they also held most of the patents on this technology.

    In March of 2009, Research In Motion Ltd (nee BlackBerry Ltd) closed their acquisition of Certicom.

    Today, BlackBerry Ltd licenses Elliptic Curve encryption technology to, among others, the US National Security Agency.

    That's not to say that BlackBerry knows about "backdoors" in Elliptic Curve technology - the specific technology that the Numberphile videos refer to is something very different - a publicly-documented, license-free PRNG algorithm, or "Programmable Random Number Generator".

    But since it is a well-known fact that the NSA employs some of the most advanced mathematicians in the world, they simply may know something that the rest of the world does not.
    Poirots Progeny likes this.
    12-24-13 01:31 AM
  6. TOfinest's Avatar
    Interesting video. Made me want to go back to school lol

    Proud owner of Q10, Z10 and Z30
    12-24-13 01:43 AM
