[Ach] Network Operations Division Cryptographic Requirements

Aaron Zauner azet at azet.org
Wed Mar 8 13:25:27 CET 2017


> On 08 Mar 2017, at 01:33, Hanno Böck <hanno at hboeck.de> wrote:
> 
> On Tue, 7 Mar 2017 15:11:03 +0000
> Aaron Zauner <azet at azet.org> wrote:
> 
>> For review:
>> https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20TOP%20SECRET.pdf
> 
> The document contains a lot of outdated advice.
> 
> E.g.:
> 
> "(S//NF) Confidentiality must be provided by AES, Serpent, Twofish,
> Blowfish, 3DES, or RC4 with a minimum key size of 128 bits. Block
> ciphers must be operated in Galois/Counter Mode (GCM), Counter Mode
> (CTR), or Cipher Block Chaining Mode (CBC). If RC4 is used, at least
> the first 1024 bytes of the cryptostream must be discarded and may not
> be used."
> 

Yeah, it's not really up to date. I guess purging the first 1024 bytes in the bitstream of RC4 would make bias attacks far harder as the biases are at the beginning of the stream. In general this seems to be stupid advice, though. I haven't seen any Suite A ciphers mentioned - so I think they're still only used by NSA for satcom / classified networks et cetera, everything else seems to use Suite B-based crypto. The leaks also contain discussion about Equation Group and choices of ciphers for CNC/exfil - apparently NSA recommended a weird internal crypto lib that the intelligence community was using for quite a while and was easy to detect because of certain parameters and especially algorithm choices: https://wikileaks.org/ciav7p1/cms/page_14588809.html

Aaron
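
Added example (not part of the original message): a minimal RC4 in Python that measures the best-known early-keystream bias, the second output byte being 0x00 about twice as often as chance (Mantin and Shamir), without and with the 1024-byte discard the quoted requirement asks for. The keys are constructed 128-bit pseudo-random values, and the function names are this example's own.

```python
import random


def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Return `length` RC4 keystream bytes after discarding the first `drop`."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for n in range(drop + length):            # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if n >= drop:                         # discarded bytes are never emitted
            out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def second_byte_zero_counts(trials: int, drop: int = 1024, seed: int = 2017):
    """Count keys whose 2nd keystream byte is 0x00, without and with `drop`.

    Keys are constructed sample data: 128-bit values from a seeded PRNG.
    Returns (count_without_discard, count_after_discard).
    """
    rng = random.Random(seed)
    plain = dropped = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        ks = rc4_keystream(key, drop + 2)
        plain += ks[1] == 0                   # 2nd byte of the raw stream
        dropped += ks[drop + 1] == 0          # 2nd byte after the discard
    return plain, dropped


if __name__ == "__main__":
    trials = 20000
    plain, dropped = second_byte_zero_counts(trials)
    uniform = trials / 256                    # expected count for an unbiased byte
    print(f"expected if uniform : {uniform:.1f}")
    print(f"no discard          : {plain} ({plain / uniform:.2f}x)")
    print(f"after dropping 1024 : {dropped} ({dropped / uniform:.2f}x)")
```

Discarding the prefix removes only the initial-byte biases; long-term biases such as the Fluhrer-McGrew digraph biases persist across the whole keystream.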