Slashdot Mirror


NSA Approves First 802.11b Product for Secret Data

joehoya writes "I realize this is a couple of days old, but the National Security Agency recently certified the Harris Corp's Secnet-11 as the first 802.11b system permitted to carry US SECRET level data. See press release. The system integrates NSA crypto with commercial chipset based 802.11b PCMCIA cards and access points to create a secure wireless LAN. Unfortunately, you and I won't be able to buy them, as they are only available to organizations with an NSA COMSEC account."

11 of 252 comments

  1. Proprietary crypto is lame by BalkanBoy · · Score: 4, Insightful

    ... Bruce Schneier has said this over and over again - it will be a cold day in hell before a proprietary cryptographic algorithm is going to be nearly as scrutinized as a publicly available one. I don't see that the algorithm the NSA's using has been disclosed (in the article), and I doubt it will be. Granted, the NSA has probably more cryptographers on staff than anyone else, but that is no guarantee for the quality of the algorithm they are using. This way they may be potentially running on borrowed time until someone figures out a way to attack it...

    --
    'A lie if repeated often enough, becomes the truth.' - Goebbels
    1. Re:Proprietary crypto is lame by photon317 · · Score: 5, Insightful

      However, the NSA is somewhat of an exception to this rule. It is widely known that they are the largest employer of mathematicians worldwide, compared to any other governmental or private organization, including universities. Therefore, widespread solid peer-review of cryptography can actually happen *inside* the NSA without making anything public to the outside world and they would still get decent results. Add on that the NSA's cryptographers and mathematicians tend to be about a decade ahead of the public/academic world, and it all adds up to the NSA not needing to follow the conventional cryptography peer review mantra.

      --
      11*43+456^2
    2. Re:Proprietary crypto is lame by nrjyzerbuny · · Score: 2, Insightful

      "it will be a cold day in hell before a proprietary cryptographic algorithm is going to be nearly as scrutinized as a publicly available one."

      The NSA is the largest employer of mathematicians and cryptographers in the world. World-class peer review is possible within the NSA. How many people peer review crypto? Honestly? This is the same argument used for Open Source software, and the same thing applies, plenty of people use it, and a few actually look over the source, if they break it, or find something they don't like. I would bet that more people look over NSA internal crypto than have looked over most public source crypto. In addition, the people looking at NSA source are all qualified individuals, people who know an S-Box from their asshole.

      The NSA is consistently 10-20 years ahead of the private and scholastic sector. The NSA for example was involved in the creation of the S-boxes for DES. While many people argued that the NSA would weaken the algorithm in an attempt to make it more easily crackable, only later was it discovered that the original boxes were vulnerable to an attack that had not even been discovered by the non-government sector.

      You may not trust the NSA, but their in-house review is as good and better than anything you will find elsewhere, even in the much-vaunted open-source community.

  2. speak for yourself by tps12 · · Score: 5, Insightful

    you and I won't be able to buy them

    While you're correct that most citizens (including Slashdot editors, I'd guess!) won't be able to buy these babies, please remember that a large portion of Slashdot's readership is in IT, some of us in positions where we may, in fact, purchase equipment through an NSA COMSEC account. Industries and corporations deemed "essential to the National Security" under conditions set forth in the NPHG Protection Act have been given this privilege since its passage in 1973, in response to the Viet-nam War. I work at a major corn distributor (food being an essential supply during potential siege or embargo, and breakfast being the most important meal of the day), and I can tell you that I hope to have my hands on these sometime this month, before Christmas or President's Day at the very most. It should speed up our processes considerably to not have to be tied to "wired" networks. It's a fun time to be in IT, and this cloak-and-dagger stuff just makes it better.

    --

    Karma: Good (despite my invention of the Karma: sig)
    1. Re:speak for yourself by treat · · Score: 5, Insightful
      It should speed up our processes considerably to not have to be tied to "wired" networks.

      Then why didn't you just run ipsec over conventional 802.11? It will be just as secure as this, and can be done on commodity hardware and with free software.

  3. Re:hum.... by Syncdata · · Score: 3, Insightful

    When will someone take one apart
    Excellent Question, especially given the well publicized trouble government employees have in holding on to their laptops. Just cause it's technically secure doesn't mean the laptop itself can't just get picked from an inattentive employee.

    --
    "Inattention makes clowns of us all" -Bean
  4. Do it at higher level anyway by Goonie · · Score: 3, Insightful

    Better still, don't bother with encryption at the hardware or driver level at all - do it at the application level where the algorithm can be changed without too much hassle if it is discovered to be insecure.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  5. Sounds like... by sheWhoWalksWithToesL · · Score: 2, Insightful
    Security via obscurity. I wonder how long THAT will last.

    --
    -SheWhoWalksWithToesLikeCobras Please enter any 11-digit prime number to continue...
  6. Re:why not in software? by pVoid · · Score: 2, Insightful

    Remember, what can run, can be reverse engineered. Them making a software driver is an invitation for people to reverse engineer the stuff going on in the card.

    Eventually, yes, a smart person will make a software version of this (that's the outcome of it all). But the reason they use hardware is to make life harder. Maybe even impossible (if enough effort were to go into the hw design).

  7. Re:How is this unfortunate? by Cadre · · Score: 3, Insightful
    I have a question that's related: how do I make sure that nobody unauthorized is connected to my network?

    IPsec

    --
    All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
  8. PCMCIA still good?? by myowntrueself · · Score: 3, Insightful

    Isn't it about time that PCMCIA were replaced so that people have to buy new laptops etc?

    (I imagine it won't be long before you won't be able to buy a MB with PCI; VLB started out as a purely graphics bus (VESA local bus) and it wasn't long before it was used for SCSI, Multi IO and probably others. Were there ever VLB NICs?)

    With this history it is a little surprising that manufacturers aren't producing multi-AGP boards and SCSI cards etc on AGP, eventually replacing PCI.

    I know it's not an exact match, and maybe there's something about the AGP standard that makes this impossible, but you get the picture;

    Market saturation requires forced obsolescence and upgrade fever to achieve constant economic growth. Any stability spells doom for the market for some reason; it's a self destabilising system. Any trends of economic stability as opposed to economic growth causes instability and either growth or shrinkage, thereby producing instability again.
    I dunno about the commas in those sentences. Feel free to rearrange them to taste.

    --
    In the free world the media isn't government run; the government is media run.