Jeremy wrote:
] When this story first broke, my reation was, "This is news?
] To whom?"
]
] Shouldn't they have assumed this was the case?

I agree. I would. I can't believe that other countries operate with the assumption that they have solid cryptography. I've never ever heard of Iranian codes. Besides the Americans and English, the Israelis and the Russians have made codes that have actually found wide application. The others are simply not publishing, or they aren't that good at making them in the first place. And Iranians publish. Note the recent IEEE fiasco. I'm sure if they had something really good to offer they'd have put it out there.

] As I listened to the NPR story this afternoon, all I could do
] was saying to myself, "Games! Games! Games!" Games within
] games within more games. It's a regular Alice in Wonderland.

This is why I don't buy the trade craft argument made in this article. Its easy to imagine plots but in practice usually things are amazingly simple. Iran knew the US had the code. The US knew (obviously) that this guy was a problem. They gave him a lead, and he acted on it, and now they get to destroy his credibility in a formal way. It negates arguments that he was manipulating the U.S. If they were listening to his communications with his handler then they obviously knew what is up. They gain credibility while he looses it. They tell the world that they had this guy nailed and they went into Iraq for their own reasons, without saying it.

Its important to them to eliminate any doubt about their intentions in Iraq because they did it to send a message and that message needs to be clear.

] You have to assume they were already using the best they had.

Are we? There are practical management problems with codes. You have to deploy them in useful devices. If the best thing your scientists have is in widespread operational use you need to fire your scientists. I imagine that Iran has new codes. I imagine they are better. Deploying them suddenly is easier said then done.

Reason number 1004 why you should invest in FPGAs.

] Don't overthink the "cipher" end of things. Proper protection
] has as much to do with key generation and management,
] maintaing positive control and physical integrity of the
] hardware, etc. as it does with "cryptography" in any academic
] sense.

Thats absolutely true. Who knows how they broke it. People imagine that the NSA has some magic black box that can unwind any crypto system you'll encounter. Now, anecdotal evidence has taught me never to underestimate their capabilities when it comes to raw code cracking, but the reality is that if I was managing the NSA I'd have far more resources devoted to attacking practical problems with ciphers then academic ones. Its cheaper and faster.

RE: Chalabi told Iran U.S. broke their codes?