Last time I explained how quantum computing relies on the phenomenon of 'superposition'. And though this year the NSA is spending $79.7 million on quantum computing research and development projects, the recent award-winning achievements in particle physics tell us that a quantum computing platform would most likely take years if not decades to engineer.

 

At stake in the effort, besides a new era of computing with mind-boggling power and scale, would be a breakthrough in code-breaking, enabling access to AES encrypted data already being warehoused in Bluffdale, Utah. Since the value of that data decreases based on the time it takes to break the cipher protecting it, a quantum computing platform that takes decades to complete would be of decreasing value with regards to data warehoused now. In short, assuming you use an AES cipher to protect the privacy of your data now, how much would you care if the NSA gained access to 2014 data sometime between 2034 and 2064?

 

Generating Encryption Keys

 

The National Institute of Standards and Technology (NIST) publishes a series Federal Information Processing Standards (FIPS) documents related to information security. FIPS PUB 140-2 lays out criteria for accrediting cryptographic modules. If you adhere to FIPS 197 in implementing AES within a computer application, for example, then NIST's Cryptographic Module Validation Program (CMVP), using criteria in FIPS 140-2, validates your application as FIPS-compliant.

 

If encryption software does not generate random keys and protect those keys from interception, then the software only guarantees that its ciphered data is secure from those who do not know how to exploit its key management flaws. You can imagine the trouble with CMVP's integrity were they to certify a non-secure key generation module--which, yes, they seem to have done with RSA Corporation's BSAFE cryptographic system. Since 2004 BSAFE has been generating keys that are accessible to the NSA via an engineered backdoor.

 

Worse than CMVP's implied incompetence in validating BSAFE is its possible collusion with the NSA in getting BSAFE's Dual_EC_DRBG key generation backdoor into circulation as  part of a trusted cipher system. And in any case, the verifiability of any cryptographic system is a sorely open issue. If we can't trust NIST, then who can we trust to verify the cryptography we use but do not create ourselves?

 

The Cost of RSA's Profitability

 

Security experts have been aware of the flaws in BSAFE's key generation since 2007, two years after the BSAFE specification was published. Only with a recent Snowden-sourced story did we learn that the NSA paid RSA $10 million to make the rigged Dual_EC_DRBG component the default random number generator for BSAFE.

 

Among other things, we have another confirmation that verifiably AES-based key generation and data encryption are the only truly secure cryptopgraphy options in our contemporary context. Trusting the source of your software for monitoring network devices is more important than you may have thought.