Phillip Rogaway, 01.12.2015 "The Moral Character of Cryptographic Work" I think we would do well to put ourselves in the mindset of a *real* adversary, not a notional one: the well-funded intelligence agency, the profit-obsessed multinational, the drug cartel. You have an enormous budget. You control lots of infrastructure. You have teams of attorneys more than willing to interpret the law creatively. You have a huge portfolio of zero-days. You have a mountain of self-righteous conviction. Your aim is to *Collect it All, Exploit it All, Know it All*. What would frustrate you? What problems do you *not* want a bunch of super-smart academics to solve?
Peter Gutmann 8.11.2015 on cryptography mailing list: That "false sense of security" argument is one of the great bugbears of security. It's typically presented as "we can't use a less-than-perfect but very effective security measure because it'll give people a false sense of security" (with an implied "we'll keep using this theoretically perfect but practically useless security measure instead").

Henry Baker, 30.10.2015 on cryptography mailing list
Subject: New email feature: NSA speedbumps
Keep Bluffdale warm this winter! NOBUS would bother trying to decode these postscripts. They might give away the state of your random number generator. Or they might encode a secret message. Let NSA decide.
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: NSA speed bump|BBC broadcast: indistinguishable from \
head -c526 /dev/random|gpg --enarmor
q0OBgv0g2ijK2ECXMJvcLNhMadqpl6hvIUf3mccIzrPYQDR4fjDNwliektNL14u9
RIQWeYH6tDZ/m9h5tIwL2y2gCYrvclvSabz+jlXviX+1nR8rmmypecLquCCooI17
...
-----END PGP ARMORED FILE-----

John Denker, 21.10.2015 on cryptography-mailing-list The fact that my operating system shipped with something like 170 trusted "root" CAs is a problem. When the attack surface is that large, it cannot be defended. This is a profound, grotesque, obvious problem. It makes a mockery of the intended meaning of "root".
Rich Salz, 29.08.2015 on cryptography-mailing-list The law used to say that the NSA was the "expert" for NIST cryptography. After it became known that NSA gamed the system, I believe NIST no longer feels beholden to do what NSA says.
John Pescatore, director of the SANS Institute, 31.07.2015 Focusing on information sharing legislation while the vast majority of breaches are enabled by lack of simple security hygiene is like washing your car when the engine makes funny noises - it gives the feeling of action but is not remotely related to the actual problem. http://www.sans.org/newsletters/newsbites/xvii/59
Kurt Graulich, special investigator for the NSA affair, in an interview with Der Spiegel, 01.07.2015 There is no acceptable reason for data retention (Vorratsdatenspeicherung); it is a disproportionate intrusion into personal rights. We do not search every citizen's household rubbish just because clues to crimes might be hidden there. Besides, the risk of misuse of the stored data is far too great. http://www.spiegel.de/politik/deutschland/nsa-sonderermittler-kurt-graulich-ein-mann-40-000-datensaetze-a-1040661.html
Friedrich Küppersbusch, journalist, 07.06.2015 Interesting that even the USA is reducing the state's access to data at the very moment Germany is expanding it. http://www.taz.de/Die-Woche/%215202952/
Press spokesman of the Federal Ministry of the Interior, Dr. Johannes Dimroth, 30.04.2015 Non-public is, after all, not the same as secret. There are of course a number of agreements between all kinds of parties that are by no means secret on that account. https://netzpolitik.org/2015/bundesregierung-geheime-nebenabrede-zur-vorratsdatenspeicherung-ist-nicht-geheim-nur-nicht-oeffentlich/
Jerry Leichter, CRYPTO mailing list, 10.04.2015 Would you build a safe entirely out of plywood and then try to figure out how to keep attackers with Sawzalls away? Or you use thick steel, forcing attackers to go after the lock?
Ian Grigg, CRYPTO mailing list, 05.03.2015 We've now got revelations that the local big state has slid in bad RNGs, financed bad patches, caught intercepting fedexes with critical hardware, runs a complete shadow interception network, and engages in cyber-destruction of industrial equipment. And, we want to give states the ability to change our crypto? Huh? I think this debate will rumble on, but we will have to face these arguments head-on and battle through them. Until we win the argument, IETF will continue to create and push out standard protocols with weaknesses built in, and industry will continue to pay for this folly.
Sunlight is the best disinfectant. Openness will lift the game. They will do a better job, think about wilder scenarios, come up with a more balanced risk approach because they will be less likely to sweep inconvenient risks under the table. We might spot something they truly missed.
This illustrates what I mentioned in my previous message, that IPsec's transparency means that "it's indistinguishable from security that's not present".