Woah. Apparently, world famous – possible world number one – cryptography software provider Crypto AG has been secretly backdooring their products on behalf of the NSA and others for decades. Their software had customers in 130 countries – maybe not all governments, but certainly a lot of them. As the article speculates, that may be the greatest sting operation ever, at least in terms of pure quantity.
There is no such thing as cryptographically secure closed source software, it’s as simple as that. This incident drives that point home with about the greatest force imaginable.
Via Bruce Schneier, who perhaps wisely points out that the facts in this case are yet to be proved. Unfortunately, if history is any guide, it’s highly unlikely that they ever will be – or, indeed, that they even can be. With operations like this plausible deniability is the name of the game and I’ll eat my hat if the NSA ever allowed anything to be put on paper, reducing the incident forevermore to a conspiracy theory of hearsay, 30-year-old eyewitness accounts and mysterious coincidences.
Tags: cryptography, NSAKEY, open source