Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate

CIA director John Brennan told US senators they shouldn't worry about mandatory encryption backdoors hurting American businesses. And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use US-based technology because it's been forced to use weakened cryptography, they'll be …

  1. GraemeKilshaw

    CIA Director Mr. Brennan and I share a common interest and purpose in encrypted cyber technologies. I designed and built the FCG Computer at 51 Astor Place in New York, New York. IBM, the NSA, the CIA, the FBI, the IMF, and the FCG collaborate, co-develop, and co-promote for US interests.

  2. DrM

    Amazing

    Amazing how someone can be so full of shit?

  3. CheesyTheClown

    From 55 Countries?

    Let's be fair for a moment. Encryption standards as they stand today originate in the US. There are many many good encryption techniques, many which are likely stronger and better than AES, RSA and DH. The issue however is that nearly every product in the report about encryption coming from 55 countries is they use standards.

    We use standard ciphers because at some point we believed they were strong enough to keep us safe. Some people who call themselves security experts think they're unbreakable, that is sheer vanity and silliness. There have been many enhancements made to AES for example which strengthen it, but the AES block cipher itself isn't particularly strong.

    The reason we still use these ciphers has more to do with dependence on things like hardware and software for encryption. Intel and ARM CPUs have acceleration engines for the standard ciphers as well as some of the more popular non-standard ciphers. Processing the encryption in software is not practical for most applications. For example, running full disk encryption in software would take that awesome SSD and make it feel like MFM drives from the 80s.

    For messaging and mail and basic storage encryption, software can be used. But which cipher should we trust?

    AES became a standard after a massive amount of peer review and a great deal of experimentation by thousands of researchers, mathematicians and hackers. To find a suitable replacement would require a European or UN effort of similar scale. Even now, there is a certain belief that unless a cipher is blessed by the NSA or the Israeli Mossad, it's likely considered weak. There are many cipher researchers outside the US and Israel, but it is unlikely they are as public or well funded as those guys are.

    Is it time for something better? Sure... just need to run a competition like they did for AES, find a suitable review board and pass European laws to mandate that Intel and ARM can't ship AES acceleration unless they also support the new standard... this can take a few years.

    1. Alister

      Re: From 55 Countries?

      Let's be fair for a moment. Encryption standards as they stand today originate in the US.

      AES - Belgium

      RSA - one of the inventors is Israeli

      ??

  4. Anonymous Coward

    No US suppliers in sight.

    I work in payments, processing cards and payments for most of Europe. Our company also does (state) authentication etc. We deal with a lot (all?) of the HSM suppliers and smart-card suppliers.

    Off the top of my head we are dealing with Finnish, Danish, Dutch, German, Belgium, French, Swiss, Austrian, Italian and UK suppliers.

    There is not a single USA company involved.

    Some of our customers have a specific non-USA requirement...

  5. Stevie

    Bah!

    Encouraging that the CIA has finally got the bit between its teeth after two decades of bad intel and outright lies.

  6. wd400

    Brennan is correct: he talks about <<US-based technology>>, and that includes the HARDWARE and MICROCODE which can be used to weaken cryptography by installing some sort of a backdoor.

    Some not so theoretical examples:

    1. BIOS-based anti-theft which has the capability to run arbitrary code on the machine.

    2. producer's "trusted" signature that can be used to (remotely?) replace processor microcode.

    3. (activated by default) CPU-based Management Technology.

  7. wd400

    Brennan is correct. Backdoors are possible.

    Brennan is correct: he talks about [US-based technology], and that includes the HARDWARE and MICROCODE which can be used to weaken cryptography by installing some sort of a backdoor.

    Some not so theoretical examples:

    1. BIOS-based anti-theft which has the capability to run arbitrary code on the machine.

    2. producer's "trusted" signature that can be used to (remotely?) replace processor microcode.

    3. (activated by default) CPU-based Management Technology.

  8. Anonymous Coward

    To reuse a comment about Boris J.

    He's not nearly stupid enough to believe what he is saying.

  9. Kevin McMurtrie

    The world is flat so non-US corporations are at risk of falling over the edge. I stood on a ladder today and checked: it's true.

  10. Koschei

    wa?

    Ok, so we don't "dominate" the encryption landscape, sure, but .AU has a few companies, including YDF (your digital file), doing very nice encryption, thank you very much. Typical American-centric view of the world.

    Plenty of startups outside the US going hammer and tongs on encryption. Nothing theoretical about it. And we will happily eat their lunch if the US want to shoot themselves in the foot.
