Why the NSA Called Me After Midnight and Requested My Source Code

[ihuman]

Previous discussion: https://news.ycombinator.com/item?id=18293940

[anonlastname]

Strange that they would need the source code. I would think that it should be easy to figure out what encryption algorithm it uses by looking at the binary if it wasn't blatantly advertised anyway.

[tgsovlerkhgsel]

They may not need it, but source code will allow them to read it faster and with a higher chance of getting it right.

It will also make it easier to re-run the decryption routine to get the original file/verify a cracking attempt instead of having to reimplement it correctly (possibly without having known-good test vectors to check if they got it right).

[Arnt]

I expect what he wanted was the data structures. You know — length field at the start, then foo, then bar, then payload data.

(I've never broken "real" encryption, but I spent quite some time during my teens on, ah, improving the user-friendliness of computer games.)

[dnautics]

one guess might be they wanted to know exactly how the software seeded the PRNG, to cut down their search space dramatically.

[shittyadmin]

The binary would tell them that - in fact, it'd tell them that better than the source if there were any overlaps into garbage memory for example.

Wanting the source is purely for speedy analysis.

[dnautics]

I've never done windows (95?) disassembly, but from what little VSC++ I did back in the day, for the sake of speed, I would probably have wanted to see the source code instead of disassembling! Don't know how good at this stuff the NSA was back then.

[powerbroker]

Why is it midnight when the NSA calls, in Connecticut (EST), and 1AM when he calls to his partner, IN CALIFORNIA, for the source code?

[cpr]

Must have been 4 hours later?