Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades

March 2, 2020 by Jonathan Bennett 83 Comments

There have been a few moments in the past few years, when a conspiracy theory is suddenly demonstrated to be based in fact. Once upon a time, it was an absurd suggestion that the NSA had data taps in AT&T buildings across the country. Just like Snowden’s revelations confirmed those conspiracy theories, a news in February confirmed some theories about Crypto AG, a Swiss cryptography vendor.

The whole story reads like a cold-war era spy thriller, and like many of those novels, it all starts with World War II. As a result of a family investment, Boris Hagelin found himself at the helm of Aktiebolaget Cryptograph, later renamed to Crypto AG (1952), a Swedish company that built and sold cipher machines that competed with the famous Enigma machine. At the start of the war, Hagelin decided that Sweden was not the place to be, and moved to the United States. This was a fortuitous move, as it allowed Hagelin to market his company’s C-38 cipher machine to the US military. That device was designated the M-209 by the army, and became the standard in-the-field encryption machine.

Continue reading “Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades” →

This Week In Security: DNSSEC Temporarily Lost Their Keys, FIDO, And One Weird Windows Trick

February 21, 2020 by Jonathan Bennett 12 Comments

DNSSEC is the system that allows for cryptographically secure DNS. It’s all based on a root cryptographic key, maintained by the Internet Assigned Numbers Authority (IANA). Ever wondered where the root Key Signing Key is stored, and how it’s accessed? Four times a year, a ceremony is held where the root key is pulled out of a physical safe, and maintenance tasks are performed in front of a group of witnesses.

Such an event was scheduled for February 12th, but a teensy problem was discovered. One of the safes that holds the key media had a broken lock, and the root key signing key was inaccessible for a few days while repairs were effected. The open nature of IANA means that much of their operations are publicly reported, and you can even watch the key signing ceremony, which was finally held on February 16th.

Continue reading “This Week In Security: DNSSEC Temporarily Lost Their Keys, FIDO, And One Weird Windows Trick” →

Hackaday

Crypto AG

2 Articles

Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades

Continue reading “Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades” →

This Week In Security: DNSSEC Temporarily Lost Their Keys, FIDO, And One Weird Windows Trick

Search

Never miss a hack

If you missed it

My Space

NASA Is Now Tasked With Developing A Lunar Time Standard, Relativity Or Not

VAR Is Ruining Football, And Tech Is Ruining Sport

Mining And Refining: Uranium And Plutonium

Programming Ada: First Steps On The Desktop

Our Columns

Hackaday Links: May 5, 2024

Tool-Building Mammals

Hackaday Podcast Episode 269: 3D Printed Flexure Whegs, El Cheapo Bullet Time, And A DIY Cell Phone Sniffer

This Week In Security: Default Passwords, Lock Slapping, And Mastodown

FLOSS Weekly Episode 781: Resistant To The Wrath Of God

Search

Never miss a hack

Subscribe

If you missed it

Our Columns