Security → Re: Pentagon Paying China 151; Yes, China 151; To Carry Data

I'm pretty sure the US Military has access to sufficient crypto technology that this is of utterly no consequence to national security.

But it does make a great headline.

While it may be true that the US military has access to "sufficient crypto technology", running all the regional messages through Chinese pipes certainly saves the Chinese a fair amount of effort intercepting the traffic in the first place - and intercepting perhaps the whole enchilada of US military traffic from the African continent, not just bits and pieces picked up here and there. Give a top-notch code-breaker a ton of traffic, all consecutive and consistent, and it certainly doesn't hurt the chances of cracking the message structures and codes.

If the US has "sufficient crypto technology", it doesn't matter much whether the Chinese can see the encrypted stream or not.

If anybody can crack our best military codes, this satellite is the least of our worries.

I'm not sure that the ChiCom's need to break our encryption. We give them a bunch of stuff for free.

Certainly that's true in the commercial sector. I worked for a company that handed over it's IP at the drop of a hat (despite my protests).

I guess, then, that it comes down to what constitutes "sufficient". The more that is known or can be reasonably well-deduced about intercepted traffic (its probable message structure/format, its traffic origins/destinations, its language, anything that is more likely to recur such as names or locations and such, etc), the more that can be fed into the cracking algorithms to increase their possibility of a hit. The more that traffic is known to emanate from or be directed to a smaller handful of geographic locations, the more that can be deduced as likely bits of content. The more of a consistent stream of consecutive messages that is intercepted, the more that can be deduced about likely message formats and/or origin/destination content. While, certainly, the odds are extremely high against cracking modern military encryption, they are tilted in cracking's favor (if ever so slightly) by giving to one's opponent large, continuous, bi-directional streams of traffic known to involve a few given sites.

History is replete with sophisticated military codes being cracked in this very way (message plaintext formats recurring in multiple messages, plaintext content words being used repeatedly in multiple consecutive messages, coincidence of unexpected events at known locations and increase in occurrances of messages from/to that same region, and so on). At the end of the day, while it can't be said with certainty that routing regional, secure traffic over a potentially hostile-controlled comm satellite will lead to the opponent's cracking a code, it just as certainly can be argued that it certainly won't help to keep it secure. And what might be deemed "sufficient" in a generic, world-wide context of jumbled encrypted traffic may not be as "sufficient" if a given region's secure traffic is pipelined directly to one's opponent.

I can't believe we're having this discussion.

You realize that the US Military has a passing acquaintance with the NSA, the best cryptographers the world has ever known, right? They're not doing rot13.

I indeed realize that. I also realize that the less specific information provided to or deducible by an adversary regarding the plaintext underlying encypherment, the less likely the adversary will be to find some way - even when pseudo-random keying and mathematical algorithms have been employed - of cracking the encryption. The first foundational rule of encryption is to never, ever give an adversary anything... hints, clues, compromises, consistent traffic flow, and so on. These all act to undermine the ultimate theoretical security of an encrypted stream of traffic.

The biggest compromises in the long history of encryption have occurred when the users of those systems had been so convinced of their invulnerability to cracking that they ignored proper traffic security of the encrypted streams and the handling of interior plaintext message construction. I believe it's foolish to pass down that same road today...

Blackbird, you just hit the nail right on the head. You couldn't have said it better.

Concur, most reasonable assessment Ive seen, sounds like something I read in the Cryptonomican (a fascinating novel, especially since for the past year there has been quite a recognition-celebration of Alan Turings life.)

Assuming the cryptographic methods used in communicating with this satellite are truly uncrackable, there is still valuable intelligence that can be gathered from meta-information:
- who is communicating with whom (perhaps not in enough detail to identify individuals, but certainly sufficient envelope information to route the data site to site)
- which site initiated the communication
- what is the data volume (some uncertainty due to compression and perhaps deliberate padding but still a good ballpark figure)
- when did the communication take place (tracking site activity)
- after some time of gathering meta-data statistics the listener will also be able to distinguish between routine traffic and unusual communications

This isn't new stuff. This type of intelligence was gathered and used before the enigma and lorenz ciphers were broken in WWII.