When a New York Times report appeared Thursday saying the National Security Agency had “circumvented or cracked much of the encryption” protecting online transactions, computer security professionals braced for news of breakthroughs undermining the fundamentals of their field.
However, cryptography experts tell MIT Technology Review that a close reading of last week’s report suggests the NSA has not broken the underlying mathematical operations that are used to cloak online banking or e-mail.
Instead, the agency appears to rely on a variety of attacks on the software used to deploy those cryptographic algorithms and the humans and organizations using that software. Those strategies, revealed in documents leaked by Edward Snowden, came as no surprise to computer security researchers, given that the NSA’s mission includes the pursuit of America’s most technologically capable enemies.
“The whole leak has been an exercise in ‘I told you so,’ ” says Stephen Weis, CEO of server encryption company PrivateCore. Weis previously worked on implementing cryptography at Google. “There doesn’t seem to be any kind of groundbreaking algorithmic breakthrough,” he says, “but they are able to go after implementations and the human aspects of these systems.”
Those tactics apparently include using legal tools or hacking to get the digital keys used to encrypt data; using brute computing power to break weak encryption; and forcing companies to help the agency get around security systems.