Re: [Lista Criptica] [artículol] Cómo el padre de la cripto…

Delete this message

Reply to this message
Author: Elkon Fad
Date:  
To: list_criptica
Subject: Re: [Lista Criptica] [artículol] Cómo el padre de la criptografía moderna se enfrentó a la NSA portu privacidad


El 27/11/16 a les 16:42, guifipedro ha escrit:
> Un poco de historia, años 70, orígenes del cifrado de clave privada,
> pública.
>
> Me ha resultado una lectura amena, que la disfrutéis
>
> http://www.eldiario.es/hojaderouter/seguridad/Martin_Hellman-Diffie-Hellman-criptografia-NSA_0_583392679.html

És curiós com al cap dels anys es van deixar vèncer per la NSA. Em
sonava que no eren aigua clara i he trobat la notícia:
http://www.reuters.com/article/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331

«Reuters reported in December that the NSA had paid RSA $10 million to
make a now-discredited cryptography system the default in software used
by a wide range of Internet and computer security programs. The system,
called Dual Elliptic Curve, was a random number generator, but it had a
deliberate flaw - or "back door" - that allowed the NSA to crack the
encryption.»

----

Per una altra part, hi ha un altre personatge rellevant que va tenir
conflictes de patents amb la companyia RSA, Phil Zimmerman, per fer
servir RSA (algorisme) dins de PGP. El més divertit, però, va ser la
prohibició del govern dels USA d'exportar criptografia i el seu hack a
la llei
https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation

«After a report from RSA Security
<https://en.wikipedia.org/wiki/RSA_Security>, who were in a licensing
dispute with regard to the use of the RSA algorithm in PGP, the United
States Customs Service
<https://en.wikipedia.org/wiki/United_States_Customs_Service> started a
criminal investigation of Zimmermann, for allegedly violating the Arms
Export Control Act
<https://en.wikipedia.org/wiki/Arms_Export_Control_Act>.^[4]
<https://en.wikipedia.org/wiki/Phil_Zimmermann#cite_note-Kafka_territory-4>
The United States Government had long regarded cryptographic software as
a munition, and thus subject to arms trafficking export controls
<https://en.wikipedia.org/wiki/Export_of_cryptography>. At that time,
the boundary between what cryptography was permitted ("low-strength")
and impermissible ("high-strength") for export from the United States
was placed such that PGP fell on the too-strong-to-export side of the
boundary. The boundary for legal export has since been raised and now
allows PGP to be exported. The investigation lasted three years, but was
finally dropped without filing charges.»