Last week, a great blog post by cryptographer and research professor Matthew Green was posted, providing some fantastic details about the likely attack vectors by the NSA to compromise encryption schemes. It's a well written and detailed piece from someone who clearly knows what he's talking about. Oh, and it kicks off with an amusing story about how the reporters working on the "NSA builds backdoors into encryption" story had contacted him for comments and, because they didn't reveal too many details, he was concerned about coming off as too paranoid or too much of a "crank." However, after the details came out, he realized he "wasn't cranky enough."

Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. If the NSA could do this, how might they do it? What would the impact be? I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.

All of this is a long way of saying that I was totally unprepared for today's bombshell revelations describing the NSA's efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it's true on a scale I couldn't even imagine. I'm no longer the crank. I wasn't even close to cranky enough.

He then goes on to explain where the most probable attacks are coming from and what we should be most worried about and what's likely still safe. I had hoped to write up something about the post in general, but today something new came up. Green noted that the Dean where he teaches, at Johns Hopkins, had asked him to remove the blog post from the university's servers. The blog post was cross-posted both to a blog on the university's servers, as well as to Green's personal blog on Blogger. The personal blog post is still up (and now about to get that much more attention for the takedown). He also notes that this "isn't my Dean's fault" though plenty of folks are curious whose fault it might be. For what it's worth, it appears that Hopkins has a close relationship with the NSA, and the school really isn't that far from the NSA's headquarters.

Either way, for a whole variety of reasons, demanding the blog post be taken down seems fairly pointless. Not only will it draw much more attention to the original post, it now creates additional scrutiny towards Johns Hopkins as to why it's stifling the speech of one of its professors on a key topic of public interest.