
NSA Brute-Force Keysearch Machine - remx
https://www.schneier.com/blog/archives/2017/05/nsa_brute-force.html
======
wand3r
Schneier often has great insight but this blog post was pretty much the
opposite of that. I _think_ I recall reading the original post from the guy
who found that NYU info; and I def. read the Intercept piece.

Schneier's post quotes the original article and says unfortunately we don't
know more. Literally over 50% of it is a quote from another article which he
derides for it's lack of substance. Not sure what the point is.

~~~
tptacek
For better or worse --- I think, often, it's for the worse ---- Schneier has
an audience that wants his reaction on all the crypto news of the day. This is
his reaction to the Intercept story. In this case, by the way, I think he's
dead on.

We all need to resist the urge to judge pages linked from HN in the context of
"worthy of the front page of Hacker News". Sometimes authors are writing
explicitly to that kind of audience, but often, as in this case, they're not.
In the context of the service Schneier is trying to provide, this is a solid
and useful post.

------
jhallenworld
I wonder how programmable it is... Assuming it's not programmable would be an
argument not to use standard encryption algorithms.

~~~
sp332
ASICs are not reprogrammable. And they're expensive to build, but the NSA
apparently has the resources to build new ones at semi-regular intervals, so I
don't know if switching algorithms would really slow them down that much.

~~~
robert_foss
Considering that it takes 1-2 years to spin custom silicon I would say that it
is a viable approach.

~~~
mcshicks
I think they could probably do significantly faster than that since these
would presumably be a relatively low volume, single customer application, and
wouldn't need the extensive testing cycle required for mass production ASICs.
Which is to say it doesn't take a year from delivering a mask set to a fab to
getting packaged parts.

------
alex_duf
> Whatever the details, this is exactly the sort of thing the NSA should be
> spending their money. Breaking the cryptography used by other nations is
> squarely in the NSA's mission.

I can't tell if it's sarcasm. (it's a serious question)

~~~
tptacek
It's obviously not sarcasm.

------
yeukhon
"Unfortunately, the Intercept decided not to publish most of the document, so
all of those people with "a Ph.D. in a related field" can't read and
understand WindsorGreen's capabilities. What sorts of key lengths can the
machine brute force? Is it optimized for symmetric or asymmetric
cryptanalysis? Random brute force or dictionary attacks? We have no idea."

When I was reading the news article, I thought to myself, should they really
be publishing classified information? The dumb leak was one thing, but
publishing it more broadly is a whole different thing. If this was a
government contract, I would assume these are classified documents (which they
are). Obviously we tax payers should have the right to know, but logically,
wouldn't that consider a crime just like leaking to Wiki Leaks?

~~~
nyolfen
> When I was reading the news article, I thought to myself, should they really
> be publishing classified information?

are you not familiar with the intercept? it was initally created mainly to
publish snowden documents

> wouldn't that consider a crime just like leaking to Wiki Leaks?

we have freedom of the press in america

~~~
yeukhon
Freedom of press does not mean you can just report on classified information
without consequences. You can't just go into Google office and start leaking
an NDA project. In this circumstances, sure, the document was available
publicly. But since it has been hidden, wouldn't further distribution
considered illegal?

~~~
pvg
_Freedom of press does not mean you can just report on classified information
without consequences._

In the US, you effectively can, assuming you are actually the press and have
the means of defending yourself. While there are laws on the books that
supposedly limit this in various ways, they are generally not invoked - notice
the government typically _asks_ papers to delay publishing classified
information they may have received.

