[HN Gopher] Five cryptologic giants to be inducted into NSA's Cr...
___________________________________________________________________
Five cryptologic giants to be inducted into NSA's Cryptologic Hall
of Honor
Author : keepamovin
Score : 50 points
Date : 2024-01-16 11:51 UTC (11 hours ago)
(HTM) web link (www.nsa.gov)
(TXT) w3m dump (www.nsa.gov)
| i8comments wrote:
| Ironic that some of the people most responsible for weakening
| encryption are giving out awards for strengthening encryption.
| no-dr-onboard wrote:
| I see your point, but be careful of throwing the baby out with
| the bathwater on this one.
|
| AES largely gained popularity in part by the NSA adopting it
| into the "Suite B Crypto" program. The NSA also helped
| strengthen and develop DSA & SHA during its early years.
| adgjlsfhk1 wrote:
| the NSA has always liked somewhat weak encryption.
| specifically, they would really like if encryption could be
| broken in very roughly 1 week to 1 year on a super computer.
| sandworm101 wrote:
| Perhaps in the past, but the NSA are good at predicting
| trends. They know that something broken by a supercomputer
| today will likely be broken on a smartwatch tomorrow.
| Intelligence agencies, unlike most tech firms, need to
| futureproof their secrets for decades. While the NSA no
| doubt has an interest in secret backdoors, I don't think they
| would today support mathematically weak encryption.
| tptacek wrote:
| That doesn't make sense as an NSA target, because NSA's
| adversaries all easily clear that threshold. What NSA
| supposedly wants are "NOBUS" weaknesses: keyed
| vulnerabilities for which only they hold the keys.
| user764743 wrote:
| In the case of the Shadow Brokers, it revealed that those
| supposed "NOBUS" were low level vulnerabilities that did
| not need a supercomputer to break.
| tptacek wrote:
| A vulnerability isn't "NOBUS" just because it exploits an
| unpublished zero-day. Dual EC was NOBUS because
| exploiting it required a curve private key that
| presumably only NSA had.
| tialaramex wrote:
| NOBUS (Encryption which Nobody But _Us_ can break, which is
| the rationale for DES weakness) doesn't make any sense any
| more today. Can the Americans spend a thousand times more
| on compute power than the Chinese today? Do they have
| uniquely intelligent mathematicians? No. So there's no
| point in popularizing any solutions that the US can break,
| because if they can the Chinese can break them too.
|
| I think lots of people have this idea that everybody
| thought DES was fine and so the reality of attacks on DES
| was astonishing, therefore AES won't be any better we're
| just in the dark somehow. That's just not true, DES was
| _known_ to be purposefully weak, good enough but not
| actually good. 56-bit keys and 64-bit block sizes - you can't
| brute force that with a computer you can buy from the
| store, but it's not _ludicrous_ and clearly somebody with
| government money can do it eventually. AES makes those
| numbers enough bigger that you just can't break it this
| way.
| chasil wrote:
| Actually, two of the awards are for codebreaking in the
| (relatively) distant past, far before modern practices.
|
| "Evelyn Akeley's... accomplishments during World War II were
| exceeded only by those of her students, who broke virtually
| every Japanese army code they encountered.
|
| "James Lovell... 'the [American] Revolution's one-man National
| Security Agency.' His pioneering work as a codebreaker and
| codemaker gave cryptology a singular role in the emergence of
| our new Nation. Leveraging Lovell's decrypts, George Washington
| knew of the approach of a British relief force and was able to
| warn his French allies, thus enabling a decisive victory at
| Yorktown."
| kosasbest wrote:
| NSA are purple team (both red team and blue team), so they do
| defense as well as offense. They need to sniff plaintext as well
| as protect their own infra and IP with strong crypto standards
| like AES. The public also benefits from AES, often to the
| detriment of SIGINT efforts by the NSA, so there are caveats to
| this, and it's nuanced.
| paxys wrote:
| The two go hand in hand. If you don't put effort into cracking
| encryption you are never going to get stronger encryption.
| geoffmunn wrote:
| I always assumed that the NSA 'hardened' versions of products
| or operating systems were a careful mix of fixes for things
| they wanted to be protected against, while still letting secret
| backdoors be preserved.
| adrian_b wrote:
| Those who have been added in the past to NSA's Cryptologic Hall
| of Honor are listed at:
|
| https://www.nsa.gov/History/Cryptologic-History/Historical-F...
|
| While that list contains many important contributors, it is far
| from complete.
|
| The most notorious of the 2023 list is Joseph Mauborgne, and
| among his merits is written: "He is credited as the co-inventor
| of the One-Time Pad".
|
| Even if this claim, which appears to originate from the book "The
| Codebreakers" by David Kahn (1967), has been frequently repeated,
| there is no evidence for it and it seems very implausible.
|
| The "One-Time Pad" has been described for the first time in the
| non-classified literature in February 1926 by Gilbert Sandford
| Vernam in "Cipher Printing Telegraph Systems For Secret Wire and
| Radio Telegraphic Communications". Because of that, it has become
| known as the "Vernam cipher", even if Vernam has not invented it.
|
| The "One-Time Pad" is an improvement of the so-called "running-
| key ciphers", which had been used already for many years before
| World War I. These are aperiodic substitution ciphers. Until the
| end of WWI it was believed that if the "running key", i.e. the
| stream of key symbols, is not periodic, that is enough to make an
| unbreakable cipher. The "running key" used for encryption was
| usually taken from the text of some book.
|
| In 1918, two employees of ATT, Gilbert Sandford Vernam and Lyman
| F. Morehouse have filed two patent applications for an
| electromechanical implementation of the running-key ciphers,
| where the plaintext, the ciphertext and the running key were
| stored on punched tape. Vernam's patent was for the use of
| bitwise addition modulo 2 for combining the running key with the
| plaintext or ciphertext, while Morehouse's patent was for using
| several running-key generators with coprime periods and combining
| their outputs to obtain a generator with a period equal to the
| product of the coprime periods.
|
| Both inventions of Vernam and Morehouse continue to be used today
| very frequently and they both deserve to be included in NSA's
| Cryptologic Hall of Honor more than most people already present
| there.
|
| In 1918, Vernam and Morehouse who were in contact with Mauborgne,
| because the US military was a very likely customer for their
| encrypted telegraph, were still believing that it is enough for
| the running key to be not periodic. Some time between 1918 and
| 1926, Vernam has learned that there is a second condition, the
| key symbols must be chosen at random, otherwise the cipher is
| breakable.
|
| Kahn supposes that Vernam has learned this from Mauborgne. This
| is possible, but in any case the idea cannot have originated from
| Mauborgne, but only from his subordinate Captain William F.
| Friedman.
|
| NSA's Cryptologic Hall of Honor includes, very appropriately, at
| its first two positions (i.e. in 1999), both William F. Friedman
| and his wife and coworker Elizebeth S. Friedman.
|
| In 1918, at the end of WWI, William F. Friedman has been the
| first who has succeeded in cryptanalyzing documents encrypted with
| aperiodic running-key ciphers, busting the myth that such ciphers
| are unbreakable. Being the first who has created a deciphering
| method for aperiodic substitution ciphers that was based on the
| fact that the key symbols were not random, it is pretty obvious
| that he was also the first to understand that an unbreakable
| cipher must satisfy 2 conditions: the stream of key symbols must
| be aperiodic _and_ random.
|
| His work was classified, so a few months later Vernam and
| Morehouse were still believing in the unbreakability of aperiodic
| running keys, regardless whether they are random or not.
|
| Mauborgne was Friedman's boss, so he must have learned
| immediately that the non-random running-key ciphers are breakable
| and that random aperiodic running-keys are required for
| unbreakability.
|
| In the following years Friedman has collaborated with Vernam and
| he has invented some improvements of Vernam's system, to make its
| running keys more random.
|
| So Vernam could have learned about the randomness condition
| either directly from Friedman or through Mauborgne. In any case,
| it seems impossible for Mauborgne to have had any direct
| contribution to the previous work of Friedman.
|
| Even if it is unlikely that Mauborgne has been any kind of "co-
| inventor of the One-Time Pad", he certainly had very important
| contributions so he deserves his place in the Hall of Honor.
| Nevertheless, nothing of what Mauborgne might have done is still
| in use today, unlike the inventions of Vernam and Morehouse,
| which are ubiquitous, so they deserve more than him a place
| there.
|
| Also Shannon (ATT), Hamming (ATT) and Feistel (IBM) are missing,
| while all modern cryptology is based on their work (Diffie is
| included on the list, despite his constant mistrust of NSA, so
| the list is not restricted to government employees). It is less
| known that Hamming had an essential contribution to modern
| cryptology. While his colleague Shannon had invented the
| components of all modern cryptographic algorithms, he believed
| that his strong ciphers are impractical for communications, due
| to the susceptibility to errors. The error-correcting codes
| invented by Hamming have solved this problem, as established
| later by Horst Feistel at IBM.
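As an added illustration of the two inventions the post above attributes to Vernam and Morehouse (this is example code written for this page, not code from the thread, from AT&T or from NSA), the block below models Vernam's bitwise addition modulo 2 and Morehouse's looped key tapes with coprime lengths, then shows the defect that a repeating key leaves behind. The function names, the three toy tapes and the message are all constructed here; the loop lengths 3, 5 and 7 are chosen only so that the combined period (105) is short enough to observe.

```python
# Added example, not code from the thread or from NSA: a small model of
# Vernam's bitwise (mod 2) combination and of Morehouse's coprime-period
# key-tape loops, as the post above describes them. Every tape value and
# the message are constructed here for illustration.
import secrets
from functools import reduce
from operator import xor


def vernam(stream: bytes, key: bytes) -> bytes:
    """Combine a message with a running key by bitwise XOR (addition mod 2).

    XOR is its own inverse, so the same call encrypts and decrypts, which is
    what let one tape mechanism serve both ends of Vernam's telegraph."""
    if len(key) < len(stream):
        raise ValueError("running key must be at least as long as the message")
    return bytes(s ^ k for s, k in zip(stream, key))


def morehouse_keystream(loops, length: int) -> bytes:
    """Morehouse's construction: several short key tapes, each run as a loop,
    XORed together position by position. With pairwise coprime loop lengths
    the combined stream repeats only after the product of those lengths."""
    return bytes(
        reduce(xor, (loop[i % len(loop)] for loop in loops), 0)
        for i in range(length)
    )


def period(stream: bytes):
    """Smallest p with stream[i] == stream[i + p] for every i, requiring at
    least two full repetitions inside the sample; None if none is found."""
    n = len(stream)
    for p in range(1, n // 2 + 1):
        if all(stream[i] == stream[i + p] for i in range(n - p)):
            return p
    return None


def key_cancels(ciphertext: bytes, p: int) -> bytes:
    """What a periodic key costs: XORing ciphertext bytes p positions apart
    removes the key entirely, leaving message[i] ^ message[i + p]. This is
    the structure that random, never-repeated key material removes."""
    return bytes(ciphertext[i] ^ ciphertext[i + p]
                 for i in range(len(ciphertext) - p))


def random_tape(length: int) -> bytes:
    """A truly random key tape: the second condition the post says Friedman
    established, on top of the key being aperiodic."""
    return secrets.token_bytes(length)


# Constructed toy tapes with coprime lengths 3, 5 and 7 (product 105).
LOOPS = (
    bytes([0x1B, 0x6E, 0xC2]),
    bytes([0x4F, 0x93, 0x05, 0xD8, 0x3A]),
    bytes([0x77, 0x12, 0xE9, 0x8C, 0x40, 0xB5, 0x2E]),
)
# Constructed message, deliberately longer than the 105-byte combined period.
MESSAGE = (b"THE ONE TIME TAPE MUST NEVER BE REUSED. " * 6)[:200]
KEY = morehouse_keystream(LOOPS, len(MESSAGE))
CIPHERTEXT = vernam(MESSAGE, KEY)

if __name__ == "__main__":
    print("combined period:", period(morehouse_keystream(LOOPS, 400)))  # 105
    print("round trip ok:", vernam(CIPHERTEXT, KEY) == MESSAGE)
    leaked = key_cancels(CIPHERTEXT, 105)
    print("key cancelled:", leaked == vernam(MESSAGE[:95], MESSAGE[105:]))
    print("random tape period:", period(random_tape(200)))  # None
```

The combined stream from three loops of lengths 3, 5 and 7 repeats exactly every 105 bytes, which is the whole point of Morehouse's patent: longer effective key from short tapes. But once a message outruns that period, `key_cancels` shows that the key drops out of the ciphertext altogether, so the period only postpones the problem; a key that is both aperiodic and random, as the post describes, is what actually removes it.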
| MeImCounting wrote:
| But where does Lawrence P. Waterhouse fit into this whole
| story?
| adrian_b wrote:
| That is a fictional character in the novel Cryptonomicon by
| Neal Stephenson.
|
| Moreover, the action of the novel is in WWII, many years
| after the public disclosure of the one-time pad by Vernam,
| which happened in 1926.
|
| While the novel Cryptonomicon uses the term "one-time pad",
| it is very likely that this is an anachronism, because I have
| not seen any document from WWII or earlier that uses this
| term. The classified manuals of Military Cryptography and
| Military Cryptanalysis written by Friedman described it
| without using a special term for it, while Shannon, in 1945
| and 1949 called it the "Vernam system", quoting the only non-
| classified source for it, i.e. the paper written by Vernam. I
| believe that the term "one-time pad" might have been coined
| during the Cold War to describe the ciphers used by Russian
| spies, who used random keys written on sheets of paper, which
| were destroyed after use. So in the beginning it was not a
| term referring to ciphers implemented by machines.
|
| Before the classified work of Friedman from 1918, who
| cryptanalyzed documents intercepted in France in the final
| months of WWI, there was a certain Frank Miller who has
| described a kind of one-time pad in 1882.
|
| However, what Frank Miller has written did not have any
| influence on cryptology. Moreover, his choice appears to have
| been just a lucky guess, which was not based on any
| experience in breaking ciphers or on any mathematical theory.
| mandevil wrote:
| Leo Marks' memoirs, _Between Silk and Cyanide: A
| Codemaker's War, 1941-1945_ about his time as chief
| cryptographer of SOE, frequently discusses two major ideas
| of his that he pushed regularly: Worked Out Keys (WOKs) and
| Letter One-time Pads (LOPs). His heavy use of that acronym
| in his book written in 1998 is pretty strong evidence to me
| that he at least used that term of art during the war. Now,
| at least as presented in his memoirs, he was mostly
| isolated from the main cryptographic efforts of the war, so
| it seems unlikely that e.g. Meredith Gardner and the Venona
| Project would have encountered his use of the term, so I
| think that strongly suggests that the term pre-dates WW2
| unless it was a simultaneous coinage.
| adrian_b wrote:
| That would make "one-time pad" a British term, which is
| consistent with the non-existence of this term in the
| early American documents.
|
| Even if "one-time pad" had been used by the British
| during WWII, that would still make its use in
| Cryptonomicon inappropriate, because there it was used by
| an American.
|
| Thanks for pointing to Leo Marks' book. I have just
| browsed it and it is weird how unfamiliar he was with the
| previous cryptographic literature, despite being a
| trained cryptographer.
|
| According to his memoirs, Leo Marks had great
| difficulties in rediscovering the "letter one-time pads",
| in order to replace the "digit one-time pads", which were
| inconvenient for Morse transmission.
|
| Not only was the solution to his problem clearly
| explained in Vernam's article from 1926, which had been
| published in both the Transactions of the A.I.E.E and in
| the Journal of the A.I.E.E, which were journals important
| enough to be available in various British libraries, but
| the solution searched by him was also explained in
| various popular publications, even in one of the novels
| written by Jules Verne almost a century earlier.
|
| Anyone familiar with the history of cryptography and with
| the various kinds of ciphers used in the past would have
| thought instantaneously of the correct solution for
| implementing the desired "letter one-time pad" (i.e. by
| addition modulo 26 of the numerical positions of the
| letters in the alphabet). Also, had they been well aware
| that good one-time pads are unbreakable, they should have
| easily realized that the double encryption with a
| codebook followed by a one-time pad is useless.
|
| From his memoirs, it appears that his knowledge of
| cryptography, at least in the initial part of WWII, was
| much inferior to the content of the manuals written by
| Friedman, which were used for training the American
| cryptographers, although it appears that in time, after
| gaining experience, he has become good enough.
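The "letter one-time pad" the reply above describes, addition modulo 26 of letter positions, written out as an added example (this is not code from the thread, from Leo Marks or from SOE). The function names are this example's own, the fixed pad "XMCKL" used in the usage check is a constructed value, and `pad_explaining` is added to show the property the reply relies on: with a random pad, every same-length plaintext is consistent with a given ciphertext, which is why a codebook layer underneath adds nothing.

```python
# Added example, not code from the thread: a "letter one-time pad" done the
# way the reply above describes it, by adding letter positions modulo 26,
# with subtraction modulo 26 to decrypt. Pads and messages are constructed.
import secrets
import string

ALPHABET = string.ascii_uppercase


def _positions(text: str):
    """Map A..Z to 0..25; anything else is rejected rather than silently
    skipped, since a dropped character would desynchronise the receiver's pad."""
    try:
        return [ALPHABET.index(ch) for ch in text]
    except ValueError:
        raise ValueError("letter pads handle uppercase A-Z only") from None


def letter_pad(length: int) -> str:
    """Fresh pad: uniformly random letters, one per plaintext letter, drawn
    from the OS CSPRNG. A pad is used for one message and then destroyed."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def lop_encrypt(plaintext: str, pad: str) -> str:
    """Ciphertext letter = (plaintext position + pad position) mod 26."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(ALPHABET[(p + k) % 26]
                   for p, k in zip(_positions(plaintext), _positions(pad)))


def lop_decrypt(ciphertext: str, pad: str) -> str:
    """Plaintext letter = (ciphertext position - pad position) mod 26."""
    if len(pad) < len(ciphertext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(ALPHABET[(c - k) % 26]
                   for c, k in zip(_positions(ciphertext), _positions(pad)))


def pad_explaining(ciphertext: str, candidate: str) -> str:
    """The pad that would decrypt `ciphertext` to `candidate`. One such pad
    exists for every candidate of the same length, and with a uniformly
    random pad all of them are equally likely, so the ciphertext alone says
    nothing about which message was sent. That is the unbreakability the
    reply refers to, and the reason a codebook step before the pad is useless."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return "".join(ALPHABET[(c - p) % 26]
                   for c, p in zip(_positions(ciphertext), _positions(candidate)))


if __name__ == "__main__":
    pad = letter_pad(5)
    ct = lop_encrypt("HELLO", pad)
    print(pad, ct, lop_decrypt(ct, pad))
    # Any other five-letter message is just as consistent with ct:
    other = pad_explaining(ct, "LATER")
    print(other, lop_decrypt(ct, other))
    # Fixed constructed pad for a repeatable check: HELLO + XMCKL -> EQNVZ
    print(lop_encrypt("HELLO", "XMCKL"))  # EQNVZ
```

Working in letters rather than digits is exactly the Morse convenience the reply mentions: each ciphertext symbol is one letter to key, with no digit groups to convert. The mod-26 arithmetic is the only difference from a digit pad; the security conditions (random pad, used once, never shorter than the message) are unchanged.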
| MeImCounting wrote:
| I would like to point out that much of Lawrence's work
| during the war was done in Bletchley Park and with a
| British crypto-related detachment.
| mandevil wrote:
| As he presents himself in the book, at least, he was
| basically a dilettante, one of many who got sent to the
| GC&CS at Bletchley (the people who get described in Kahn
| 1991 or Winterbotham or Calvocoressi in their explanations
| of who worked at Hut 6 or 8 as 'linguists,
| mathematicians, people who wrote crossword puzzles'
| types). He flunked out of GC&CS, however, and only got
| the job with SOE by the skin of his teeth (the general in
| charge of SOE wanted him to decrypt an actual operational
| message but forgot to give him the key - the general
| wanted to see how fast he was at doing the double
| transposition cipher compared to a clerk, but instead
| Marks over the course of a day's work cracked the
| actually sent operational message without the key, which
| impressed/scared the general far more and got him the
| job).
|
| But he had just rapid wartime training of learning by
| doing, and he was largely by himself as the only
| cryptographer in SOE, at least as he depicts it, so it
| is highly plausible to me that he missed a lot of things
| that were widely known in the broader cryptography
| community. (It was because he was so isolated from the
| rest of the British crypto community that he ended up
| allowed to write public memoirs, I suspect. Wiki says he
| wrote it in the early 1980's and wasn't allowed to
| publish until 1998.)
| inasio wrote:
| Does anyone know anything about James Radford (James Radford -
| Jim Radford developed Special Purpose Devices that solved
| intractable analytic problems, often by enhancing the performance
| of supercomputers by a factor of hundreds)?
|
| I found that super interesting but couldn't find anything online
| about him, not even the era (Cold War, 911, recent). If anyone
| has any links or literature about things he did I would very much
| appreciate it.
___________________________________________________________________
(page generated 2024-01-16 23:01 UTC)