bigfatkitten today at 10:00 AM

One thing you can do is have your adversary put their money where their mouth is and use the very same products, sourced independently, that they use to protect their own sensitive information.

There are limits to this of course. You can’t buy a TACLANE[1], but you can buy many of the other products[2] USG uses to protect its own classified information.

[1] https://gdmissionsystems.com/encryption/taclane-network-encr...

[2] https://www.nsa.gov/resources/Commercial-Solutions-for-Class...


Replies

crote today at 11:11 AM

The obvious counterexample is NOBUS[0] vulnerabilities, and intentional backdoors like the Clipper Chip[1] or Dual_EC_DRBG[2]: if you genuinely believe you are the only one who could possibly exploit it, there's no reason to avoid using it.

A more modern example is probably the NSA aggressively pushing[3] for replacing classical encryption with post-quantum encryption, rather than taking the more conservative and probably-more-secure approach of layering the two - while at the same time mandating the use of two layers of those same algorithms for their own use[4]!

[0]: https://en.wikipedia.org/wiki/NOBUS

[1]: https://en.wikipedia.org/wiki/Clipper_chip

[2]: https://en.wikipedia.org/wiki/Dual_EC_DRBG

[3]: https://blog.cr.yp.to/20251004-weakened.html

[4]: https://defense-solutions.curtisswright.com/capabilities/tec...
