Feeds

Vint Cerf wanted to make internet secure from the start, but secrecy prevented it

Tells Google Hangout buds that tech was 'classified' at the time...

Using blade systems to cut costs and sharpen efficiencies

The NSA acted as a barrier to the rollout of encryption as standard from the very inception of the internet back in the mid 1970s.

Youtube Video

Engineers had wanted to add a network encryption layer as part of the original specifications for TCP/IP. Whitfield Diffie and Martin Hellman had published a paper on public key cryptography systems, so the kernel of a technology to make the internet secure was already there. However the algorithms that would have made the idea a practical reality had to wait until Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977.

Intel agencies including the NSA and GCHQ had already invented public key cryptography systems, but this work remained top secret.

Meanwhile, Vint Cerf, the pioneering internet security engineer, was working on components of a classified NSA at Stanford in the mid 1970s to build a secure, classified internet.

Cerf explained during a Google Hangout session:

I worked with the National Security Agency on the design of a secured version of the internet but we used classified security technology at the time and I couldn't share that with my colleagues. If I could start over again I would have introduced a lot more strong authentication and cryptography into the system.

Video from the key segment of the session can be found here (via YouTube).

Not sharing a fundamental leap forward in privacy communications security technology at the height of the Cold War is understandable if regrettable from the perspective of the current lamentable state of internet security.

Cert's historical footnote does, however, add an extra element to the current debate over the NSA's attempts to weaken encryption schemes and push weak algorithms through schemes like Project Bullrun and the now infamous Dual_EC_DRBG "backdoor".

Former NSA general counsel Stewart Baker, a lawyer rather than a cryptographer, argues that suggestions that his former employer is undermining net security are wide of the mark last weekend. Baker's blog post provoked a feisty exchange with regular sparing partner Jacob Appelbaum, a Tor Project developer, on Twitter. Appelbaum argued the NSA was sabotaging US companies, crypto standards and the US Constitution.

Baker responded that Edward Snowden is "under the thumb" of the Russians and that his revelations about NSA spying tactics are assisting authoritarian government, including the government of Syria.

The exchange can be reviewed here. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.