SoylentNews is people
SoylentNews
from the spammers-should-be-{insert-punishment-here} dept.
Peter N. M. Hansteen asks the question, "Does Your Email Provider Know What A "Joejob" Is?" in his blog and provides some data and discussion. He provides anecdotal evidence which seems to indicate that Google and possibly other mail service providers are either quite ignorant of history when it comes to email and spam, or are applying unsavory tactics to capture market dominance.
[Ed Note: I had to look up "joe job" to find out what it is. According to wikipedia:
A joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them (see also e-mail spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages.
]
(Score: 1) by FrankL on Tuesday April 26 2016, @03:12AM
Thanks, I wasn't aware that RSA-768 was first known to be factored back in 2009;
just found the paper by Kleinjung et al. ; very interesting!
Are you active in the cryptography field?
Is there a consensus among academics on the expected level of cryptography research by nation-state agencies, compared to the academic world?
...Are they expected to be somewhat ahead? (how many years?)
The only example that I can remember on this is the 1973-1975 work done by the NSA to strengthen the S-box in DES.
Of course, that's 40 years out of date today, so we'd need more recent examples to make inferences...
(Score: 2) by stormwyrm on Tuesday April 26 2016, @08:28AM
How far ahead intelligence agencies are beyond the open academic cryptographic community is difficult to estimate. We do know for instance that the NSA and IBM were already aware of differential cryptanalysis at least a decade or so before Eli Biham and Adi Shamir independently discovered it in the late 1980s: Don Coppersmith later revealed that the changes to the DES S-boxes were made to strengthen it against differential cryptanalysis when Biham and Shamir noticed that DES seemed to be so carefully tweaked to make their "new" technique all but useless against it. So in the eighties, they were at least twenty years ahead of the academic cryptographic community.
We haven't seen too many examples of the algorithms designed by the NSA. There are only a few such block ciphers known: Skipjack [wikipedia.org] and a pair of ciphers known as Simon and Speck [schneier.com]. The former was originally part of the controversial Clipper chip proposal and was declassified in 1998 [schneier.com] after they were forced to have to implement the Clipper chip algorithms in software. The latter two were published in 2013 and no one is sure why they did so. Skipjack is an interesting design, as it is an unbalanced Feistel network, similar to a design independently proposed by Bruce Schneier and Matt Blaze in 1994. The immediate heritage of Skipjack's design is said to date back to around 1980, so that would make the NSA about 14-15 years ahead of the academic cryptographic community back then.
For public key algorithms things are less certain. It's known that someone in GCHQ seems to have invented an algorithm that amounted to RSA in 1973, 4-5 years before Rivest, Shamir, and Adleman did so. The algorithm used for key exchange with the Clipper chip, known as KEA, was declassified along with Skipjack in 1998, and it is nothing weird, merely a variant of traditional Diffie-Hellman key exchange. No one knows if any of the still-classified public key and key exchange algorithms are anything really special.
I'm not really active in the cryptography field, just a programmer who has an abiding interest in cryptography and cryptanalysis. The most I've done professionally is implement a few algorithms for embedded systems, e.g. just before the AES contest ended I wound up coding Rijndael, which eventually won, for a small 8-bit microcontroller. I read Schneier's blog and follow developments in the field when I have the time.
Numquam ponenda est pluralitas sine necessitate.