Microservices Expo Authors: Yeshim Deniz, Pat Romanski, Elizabeth White, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog

@CloudExpo: Article

Cloud Computing: RSA Conference 2011: Cryptography Panel

Diffie Calls for NSA Open-ness

In a nearly full conference hall, the Tuesday morning RSA 2011 keynotes included talks from EMC, VMWare and Symantec, and an all-star cryptography panel, where an impassioned plea was made for more openness from the National Security Agency.  The panel started by opening remarks by Ari Juels, Director of RSA Labs, who asked as a moderator. The main theme was the the history of the first modern cipher, the Data Encryption Standard, or DES. The back-story on this algorithm is that it was government standard, and was widely believed to have been modified to have a backdoor so that it was easily broken into by the US Government.

The panel included Martin Hellman and Whitefield Diffie, two important figures in public-key cryptography. Ron Rivest, the R in RSA, was also on the panel, as was a government cryptographer from the NSA. The early parts of the panel was a discussion on how the early days of cryptography had assisted their all careers.

While there was a lot of mathematical history, the interesting point in the panel is when Diffie brought up the "crypto-politics". Diffie, who sports long hair and has a vague resemblance to Kenny Rogers, said he believed  that the NSA (and IBM) could not be trusted to build a national standard algorithm without a back-door. It was pointed out that the initial algorithm was only slated to last for 10-15 years, but that the designers misjudged how the algorithm would be used in the commercial world, and how they would have to deal with the "legacy" issues. The algorithm was originally intended for government and military use.

One of the fascinating aspects of the RSA Conference is that they audience of an estimated 5000-7000 people appeared riveted to their seats for this panel.

There was a discussion about how, in the 1970s, some key aspects of the algorithm was decided by factions inside the National Security Agency, between two groups called COMSEC, and COMMINT. These government acronyms stand for Communications Security and Communications Intelligence.

Hellman then discussed his suspicions that the Government was hiding the back door, primarily because the  team was not telling the academic world the whole truth about issues like they key size. Some on the panel believed there could not be a  backdoor primarily because large corporations, Soviets and Chinese were using the algorithm.

Then an important questions was raised. "Is security even possible any more?" As proof of this might be the case, it was mentioned that the National Security Agency treats its networks as being in a permanent state of semi-compromise. One panelist pointed out that the 2 major security breaches of the last 12 months, WikiLeaks and stuxnet, had nothing to do with cryptography. Security, said the panel, is a larger problem than just technology.

The final conclusion from the panel on DES appears that there was no backdoor, it was breakable. The DES algorithm was first publicly broken in 1997.

The panel closed with an impassioned plea from Diffie for the NSA to publish its important non-classified work. This suggests that the NSA is holding on to some very important non-classified tracts that would in some way revolutionize the field.

More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.

Microservices Articles
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling independent service deployments. In this presentation we'll provide an overview of the tools, patterns and pain points we've seen when implementing contract testing in large development organizations.
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...