June 16, 2004

They Should Have Used Blowfish

Bruce Schneier presents some speculation about reports that the American NSA was able to read Iranian codes, and that Ahmed Chalabi informed the Iranians of that fact. I agree with his conclusion that it is really hard to be sure about anything, especially for ordinary people without access to inside information.

However, one thing is quite clear. Anyone paying attention can use a block cipher like Blowfish that won't be broken, not even by the NSA. Schneier's designing power beats the NSA's analysis power. That's not because Schneier is so smart (he is), but because this part of the game is rigged in favor of the designer. Many secure ciphers are freely available on the Internet.

Therefore, I think reports that a nation state doesn't have the common sense to use strong encryption deserve a high level of scepticism, even if those reports didn't originate from the source that told the world about imminent WMD threats of the great Iraqi military machine to the American homeland.

Strong encryption is available even to me, if I cared to use it. Therefore, if the NSA is able to break the cipher of some nation state, that means quite obviously that they were intended to do so, so as to be able to feed the Americans faulty intelligence.

And, yes, even if that rather unlikely scenario is true and Iran used breakable encryption without knowing it, why would anyone tell Mr. Chalabi about that fact?

Posted by Karl-Friedrich Lenz at June 16, 2004 12:13 PM