CRYPTO: Crypto can’t be trusted

*** begin quote ***

Date: Fri, 05 Nov 2010 17:47:43 -0700

From: Gene Wirchenko <genew@ocis.net>

Subject: Getting Crypto Wrong

Neal Ungerleider, How Haystack Risked Exposing Iranian Dissidents,

FastCompany.com, 20 Sep 2010

http://www.fastcompany.com/1690075/haystack-austin-heap-iran-fail

In 2009, Iran was in turmoil, and the Islamic Republic was blocking and monitoring sites used by opposition groups — until a team led by American IT specialist Austin Heap built a program, Haystack, and touted it as a secure and anonymous Web portal for Iranians. *The Guardian* lauded it, and U.S. Secretary of State Hillary Clinton personally praised Heap. The U.S. government even gave him rare permission to export his cryptological software to Iran. Among an elite group of beta testers — and many more unauthorized users — Haystack was a godsend.

Then in Sept. 2010, security experts discovered a problem: Iranian authorities, the very ones Haystack was supposed to circumvent and shield against, were exploiting massive holes in the encryption scheme to snoop on dissidents.

[Beware of anonymity-bearing gifts. As we have noted here before, ALWAYS look a gift (trojan) horse in the mouth. PGN]

*** end quote ***

It all comes back to one question: how do you know the stuff works?

# # # # #
