Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahos’s Military Cryptanalytics, Part III. We just got most of the index. It’s hard to believe that there are any real secrets left in this 44-year-old volume.
Peter A • August 31, 2021 10:35 AM
IANAC[ryptanalyst], but some topics in the table of contents are known to me from widely available textbooks, even if in very general terms only. The work itself seems well-structured and follows a logical progression. Therefore I wonder if a truly well-versed cryptanalyst from the academia could actually guess what the redacted sections were about? Any ideas?
echo • August 31, 2021 10:01 PM
@Peter A
IANAC[ryptanalyst], but some topics in the table of contents are known to me from widely available textbooks, even if in very general terms only. The work itself seems well-structured and follows a logical progression. Therefore I wonder if a truly well-versed cryptanalyst from the academia could actually guess what the redacted sections were about? Any ideas?
I can’t speak for the US but how it works in the UK is there could be people who might guess. I don’t see a flood of it though. Those who might know for sure are on the payroll.
The UK organises things differently to the US. The US tends to build organisatiosn where everything is in house even if it means re-inventing the wheel a dozen times over. (See US special forces where the even the founding officers are complaining it’s too top heavy and lost its original purpose. That’s the real special forces not the gold star for turning up brigade.) The UK does have in house staff but a fair proportion of work is farmed out on case by case basis. This is more and more true as you step down from the boffin types like GCHQ, through MI5 and SIS, through to the more low key or dirty end of the spectrum which is difficult to seperate from coincidence.
One thing Americans don’t get for a lot of reasos is they ted to clear stuff because it is known. The UK approach is different. Stuff can be blocked even if it is know because knowing it can give people ideas. The thing is once you know something is possible this removes a lot of psychological and funding and cooperation blocks so the next thing along is at a higher risk of being discovered or it’s importance in the scheme of things being discovered.
The UK has also been known to sit on things even where there might be economic advantage in releasing it.
To some degree you could argue that there is nothing new to be discovered in the redcated material but, and this is the but, knowing what the redacted material is could be the secret for the reasons I’ve stated. The secret secret is you don’t know why it is secret and that could be 2-3 levels deep and involve issues which have nothing to do directly with the redacted material.
To some degree most advanced nations states most likely have ballpark understandings but most of these same states have their own geo-politicial ambitions as well as domestic issues not to mention law enforcement issues. By throttling public discussion you keep things damped down so criminals and terrorists don’t get bright ideas. See also section 58 of the Terrorist Act 2000. From time to time I suspect this is why the moderation hammer comes down and I cannot say I disagree with this in principle.
Winter • September 1, 2021 4:44 AM
@Moderator
Jack William comment-387858
Unsolicited advertisement.
Clive Robinson • September 1, 2021 5:32 AM
@ PeterA,
IANAC[ryptanalyst], but some topics in the table of contents are known to me from widely available textbooks, even if in very general terms only.
It’s what you would expect.
As I point out from time to time the first sanity check you should have on a hypothesis is,
“Do the laws of nature as we understand them alow it?”
More often than not things do not happen because “understand them” is often based on axioms, which are kind of the safe plateau above a very slippery slope of assumptions.
However the difference between an axiom and an assumption is that the axiom is a “tested assumption” thus is considered reasonable within our current body of knowledge.
But humans work by assumptions, we call them hunches, gut feelings, hairs on the back of the neck, etc.
It turns out nearly all human asumptions are erroneous in some way, most often in ways that cause us to not do things.
It’s why we joke about “the bleeding edge” and “it’s the second mouse…” etc which is where we start to see @echo’s point,
“The thing is once you know something is possible this removes a lot of psychological and funding and cooperation blocks so the next thing along is at a higher risk of being discovered or it’s importance in the scheme of things being discovered.”
The French secret service know this and certainly during the latter half of the last century actively carried out “industrial espionage” and gave the results to the “chosen few” in France. As one head of bureau put it, espionage is less expensive than R&D.
The French also played other silly games to get “competitive advantage” one of which caused a crash at the Paris Air show back in the 1973[1]. As I’ve mentioned before I’ve caught them at it at demonstration trials, where they attempted to sabotage a trial of equipment I was giving. We tracked down the source of interferance and the host country we were demonstrating to told us that rhe persons involved “had diplomatic cover”…
The eaaiest way to stop people going down a given path is to have them assume that it will not get them where they want to go. So building up “false/incorrect assumptions” thus a cognitive bias is one of the more effective ways to do it.
But one reason that is so easy to do is we naturally make and use assumptions all the time it’s as a result of our evolution. Be it the lizard or monkey brain you blaim, we do things that were once designed to increase our chance of survival, and assumptions are part of that.
We saw this with the Ed Snowden trove, if you look back on this blog several people had repeatedly said what the Five-Eyes were upto. However they got in effect “shouted down” by those who were working on assumptions not fact. I can remember the surprise that people felt when our host @Bruce asked about what people thought was technically capable because of stories about Bluffdale. It became clear that all that had been said and shouted down was more than technically possible. Then the Ed Snowden trove came along and many assumptions got changed, and it was the “political fallout” not the techbical one that caused most problems.
So when you see things being hidden away this way, look for the “political angle” as that is the most likely cause.
If you doubt this, study the history of the various “black chambers” they suffer when those with real morals take office as opposed to those who’s morals are shall we say very two sided.
[1] The French desperate to find out more about the Russian aircraft, not only put a French Fighter aircraft dangerously in it’s air space causing it to make an emergancy maneuver. They also deliberately cut the planed display flight time of the Russian aircraft to give extra time to the British-French aircraft, causing the Russian display team to try to do a longer practiced display in a very much shorter time in an unpracticed way. The combination of which caused the loss not just of the aircraft, the six Russians aboard and eight French civilians in a near by village. For obvious reasons the French went significantly into both denial and coverup modes. What actually happened became quite well known in the UK because of the British involvment in the design of the British-French rival as the design had to be “re-checked” and information leaked.
https://web.archive.org/web/20000815065943/http://www.time.com/time/europe/magazine/2000/0807/concordski.html
echo • September 1, 2021 7:20 PM
Speaking of odd redactions this report on “Exercise Cynus” has redactions scattered like confetti. Meanwhile the UK governmnet is refusing to release government advice on the use of masks in schools because of the “public interest”. Not only that but information on “Exercise Alice” is being withheld because it would “likely prejudice the conduct of public affairs”. It should be noted this government has created an office at Downing Street through which all FOI requests are funnelled which are deemed “sensitive”.
Public Health England is a FOI black hole. Stuff is routinely refused on the flimsiest of excuses.
I feel sick reading stuff like this especially after reading a yet another report of another avoidable death due to the failure of services and police paying lip service to the law.
Personally I hate reading anything published by PHE as it almost always reads like it’s written by out of touch psychopaths.
Speaking of which sadly my stories relating to military equipment exhibitions are not of the publishable variety. I will just say some of the people involved in those dog and pony shows are narcissistic sociopaths in it for the money and, in their own words, paid more than they are worth. For them an awful lot of stupid money obtained very easily but then if you have an ethics bypass a lot of things are easy.
I really don’t know how some people can keep their mouths shut.
SpaceLifeForm • September 2, 2021 4:14 PM
@ Bruce, Clive, ALL
There are no surprises here.
When there is a backdoor, it will be found.
My BOLD.
hxtps://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html
Members of a hacking group linked to the Chinese government called APT 5 hijacked the NSA algorithm in 2012, according to two people involved with Juniper’s investigation and an internal document detailing its findings that Bloomberg reviewed. The hackers altered the algorithm so they could decipher encrypted data flowing through the virtual private network connections created by NetScreen devices. They returned in 2014 and added a separate backdoor that allowed them to directly access NetScreen products, according to the people and the document.
hxtps://www.twitter.com/matthew_d_green/status/1433470109742518273
Clive Robinson • September 2, 2021 5:35 PM
@ Casandra,
It appears my comments are not making it through the moderator.
I suspect from what others have said is that certain “non naughty words” may have been added to the “naughty word filter” or similar. That is it’s automatic rather than human.
If it is I can take a guess as to why it may be more apparent than it has in the past, but “I’d rather not say Beetlejuice three times”…
SpaceLifeForm • September 2, 2021 6:30 PM
@ Clive, Cassandra, JonKnowsNothing, ALL
That is it’s automatic rather than human.
This. Sumptin, sumptin about eh eye, em ell, emm eye das emm. Sumptin.
[y rR Q]
James Hagan • September 16, 2021 4:31 PM
Though I agree that there aren’t many secrets left to discover from this, I would argue that though the concepts may be common knowledge today the inspiration that they can give to someone is still boundless. So many minor tweaks to common knowledge today are what have created some of the most useful inventions.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
echo • August 31, 2021 8:56 AM
Some things which don’t appear to be much of a secret probably aren’t in the strict technical sense but can give people ideas which opens the door to more creativity than you may wish for. Sometimes even low grade information when there is enough of it can clue people in on things.
You will note there is a tension between freedom of information for the public good and keeping things secret to avoid bad people getting smart. Sometimes in practice there is too much secrecy on the side of one and too much blabbermouth on the side of the other. Two other mistakes are assuming the “enemy” doesn’t read your stuff and assuming the “enemy” doesn’t change and adapt. Sometimes the people who should pay attention don’t pay attention nor join the dots. Sometimes the “enemy” is operating in distraction and cover-up mode in real time.
Things change and so does emphasis. Emphasis and sometimes lack of emphasis is very often overlooked.
I can tell you now a lot of very important work across a range of fields happened in the post WWII period and you might be amazed how many “experts” including those with job titles and a salary to go with it have failed to read it. This also tells you something about management and organisational structures and processes and quality of implementation.
Even this says something.
https://www.schneier.com/blog/archives/2021/08/more-military-cryptanalytics-part-iii.html
Kinda what I said but without the sexism. I also imagine anything containing Enigma messages may have to be cleared with GCHQ. Also from what I understand from public information most GCHQ analysts are women.
WWII was an interesting time. Both Julia Childs and Audry Hepburn were involved with the war effort. Julia Childs worked for SOE and was offered a position as an operative but declined. I’m not surprised given how reckless SOE could be. Audry Hepburn worked as a fund raiser for the resistance at secret meetings. She is noted to have remarked the best performances were met with silence at the end. And as we all know the original “computers” were largely women.
Pre-WWII some of the mathematical and theoretical physics work was really quite brilliant. I wouldn’t be surprised if the odd nugget was still secret and as we know GCHQ don’t tell the NSA everything. Why? See first paragraph. The UK is after all the land of the “D” notice and assorted chummery. See paragraph two. Also pretty elitist and sexist at times. See paragraph three.
UK military doctrine is based around systems. Highly integrated. Multilayered. Focused within a time/effort/money envelope. If GCHQ follows a simialr doctrine it gets more done for a lot less than the NSA, and the NSA has publicly stated GCHQ is worth at least a third of the capability of the NSA. I suspect GHCQ capability may be higher because you cannot make a like for like comparison.
Women can also spot things men don’t and can be quite persistent. Men can and do steal the credit but nonetheless women’s contribution is significant and during WWII and I suspect even today organsiations with flatter management stuctures the which is typical in the US, which tends to supersize everything, and places like the Middle-East, which tend to exclude women, may be missing out on things. The question is what? Well, they wouldn’t know because they can’t know because that’s not how they were/are organised.
And that’s what I derived from three samples extracted this document. Others may disagree.