NSA’s claim backdoor off encryption table draws skepticism from cyber pros
(TechNewsWorld) John P. Mello Jr., a reporter who focuses on cybersecurity and privacy, followed up on the “no backdoor in the new encryption standards being worked on by NIST” statement made last week by the director of cybersecurity at the National Security Agency. Mello found “a few smirks among cyber pros” concerning the “no backdoor” claim. IQT-News summarizes Mello’s extensive interviews below.
In cybersecurity parlance, a backdoor is a deliberate flaw in a system or software that can be surreptitiously exploited by an attacker. In 2014, the rumor that an encryption standard developed by the NSA contained a backdoor resulted in the algorithm being dropped as a federal standard.
Mello interviewed Lawrence Gasman, president and founder of Inside Quantum Technology, of Crozet, Va., a provider of information and intelligence on quantum computing, who maintained the public has good reason to be skeptical about remarks from NSA officials. “The intelligence community is not known for telling the absolute truth,” he told TechNewsWorld.
Gasman said that he thinks the world will see a quantum computer sooner rather than later. “The quantum computer companies say it will happen in 10 years to 30 years,” he observed. “I think it will happen before 10 years, but not sooner than five years.”
Moore’s Law — which predicts that computing power doubles every two years — doesn’t apply to quantum computing, Gasman maintained. “We already know that quantum development is moving at a faster speed,” he said.
“I’m saying we’ll have a quantum computer quicker than in 10 years,” he continued. “You won’t find many people who agree with me, but I think we should be worried about this now — not just because of the NSA, but because there are a lot worse people than the NSA who want to exploit this technology.”
“The NSA has some of the finest cryptographers in the world, and well-founded rumors have circulated for years about their efforts to place backdoors in encryption software, operating systems, and hardware,” added Mike Parkin, an engineer with Vulcan Cyber, a provider of SaaS for enterprise cyber-risk remediation, in Tel Aviv, Israel.
“Similar things can be said about software and firmware sourced from other countries that have their own agencies with a vested interest in seeing what’s in the traffic crossing a network,” he told TechNewsWorld.
“Whether it’s in the name of law enforcement or national security, the authorities have a long-running disdain for encryption,” he maintained.
There should be a trust-but-verify approach when it comes to encryption and security generally, advised Dave Cundiff, CISO at Cyvatar, maker of an automated cybersecurity management platform, in Irvine, Calif.
“Organizations may have the best of intentions but fail to see those intentions all the way through,” he told TechNewsWorld. “Government entities are bound by law, but that doesn’t guarantee they will not introduce a backdoor intentionally or unintentionally.”
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.