August 20, 2016

"A group calling itself the 'Shadow Brokers' claimed to have stolen some of the NSA’s 'Equation Group’s' 'cyber weapons'. "

musings: A sample of the tools were made publicly available with the others supposed available to the winner of an auction. by Stephen Checkoway

'The Washington Post is reporting that these are legitimate NSA tools.

'I looked at two tools and found:
128-bit keys generated using 64 bits of entropy.
Apparently repeated IVs.
(Update) IV leaks bits of the hash of the plain text.
No authentication of the encrypted communication channel.
Sloppy and buggy code.
'Maybe I simply picked bad tools and the others are all fantastic, but I kind of doubt it. Overall, I’m not impressed by what I’ve seen here.'

No comments: