
The document titled "ECI Compartments" is interesting:

* It's possible to work out the geographic region of certain compartments based on the organizational code attached to them.

* The redactions in the "Control Authority" column are variable size, possibly even proportionate to character length.

* The fact that the document was merely classified "confidential" is odd.

* I was able to identify[0][1] all but one item listed in the "Organization" column.

The sole item that eluded identification was "S0242". It is listed alone under two compartments. I couldn't find anything on it; one can only surmise it is something within the Signals Intelligence Directorate (probably something boring, despite the mystique).

[0] http://en.wikipedia.org/wiki/National_Security_Agency#Struct...

[1] http://www.matthewaid.com/post/58339598875/organizational-st...

What could "NSA/CSS Commercial Solutions Center (NCSC)" (from [1]) actually do? They write on their public web page:


"The NSA/CSS Commercial Solutions Center (NCSC) addresses the strategic needs of NSA/CSS and the national security community by harnessing the power of U.S. commercial technology."

Two pieces of information that add up to a larger story:

* The NSA/CSS Commercial Solutions Center (NCSC) is specifically built around Elliptic Curve Cryptography that they acquired from Certicom.

>The NCSC also manages the Elliptic Curve Cryptography (ECC) program on behalf of the NSA/CSS. Elliptic curve provides greater security and more efficient performance than first generation public key techniques currently in use. NSA/CSS purchased a license that covers intellectual property in a restricted field of use to assist in the implementation of elliptic curves to protect U.S. and allied government information. - https://www.nsa.gov/business/programs/ncsc.shtml

* Certicom designed the Elliptic Curve DRBG (Dual_EC) algorithm including the backdoor (Certicom patented the backdoor functionality in 2005)[0]. The NSA then included this algorithm + backdoor into a NIST standard and paid RSA 10 million dollars to make it the default DRBG.

Putting these two facts together suggests that the NCSC was responsible for the Dual_EC backdoor.

[0]: http://en.wikipedia.org/wiki/Dual_EC_DRBG
