The NSA and Encryption

By Paul Rosenzweig
Friday, September 6, 2013, 9:37 AM

By now, many readers will have seen this report from the New York Times on the capabilities of the NSA to crack encryption systems used in cyberspace.  I'm not surprised.  That, after all, is the task we've given the NSA and they are quite evidently very good at it.  It seems evident however, even allowing for confusion in the reporting, that those capabilities are somewhat misunderstood -- the NSA is still not able to crack directly some of the most robust cryptography.  Rather, their success appears to be in finding ways to circumvent the cryptography -- either by accessing information on a computer before it is encrypted; by introducing flaws into cryptographic standards to exploit or, in some cases apparently, working with cloud service providers to ensure access to cloud-provider-generated cryptographic keys.  All of which put me in mind of this XKCD cartoon (HEncryption in the Real WorldT: Jeff Gould):