peterwn wrote:

>
> Agreed to some extent, but this is no reason or excuse to adopt
> unnecessarily low standards for critical uses.
>
> I will give an example. The German armed forces all used the same
> cypher machines in WW2.


The Navy used a different version of the machine. They had 8 scramblers
to choose from instead of the standard 5. Also, the reflector which was
fixed on the standard machine could be rotated in the Navy version. The
Navy version would have been crackable but not in a reasonable time,
which made stealing the code books necessary.

> The team at Bletchley Hall cracked the systems


The Polish first cracked the Enigma before Germany invaded. Marian
Rejewski was the man primarily responsible for it. In 1939 the Germans
improved the machine, increasing the number of scramblers to 5 from 3
and adding extra plugboard cables. On 24 July 1939 the Poles showed the
British and French how they had been cracking the Enigma machine.

> and could in most cases read German messages. The machines were
> virtually foolproof technologically, but it was the way they were used.
> The administration of keys (like passwords) was sloppy and they did
> daft things such as prefacing each message with 'Heil Hitler' which was
> a gift from heaven to the cypher hackers.


There were flaws in the machine. One was that no letter could be
decoded as itself. It is true that the codebreakers might find a weather
report sent daily that had the word "wetter" in a similar place in each
message, but the technology was far from foolproof.

>
> But the German Navy were meticulous in their administration of their
> machines and this made their messages well nigh impossible to crack. The
> result was massive and sickening losses of convoy ships and lives in the
> Atlantic which drove the Royal Navy to despair. It was not until they
> successfully disabled a U-boat and a quick thinking Naval officer
> managed to remove the cypher keys and information before the sub sank,
> that the hackers could make progress. The loss of Allied shipping
> dropped dramatically. By the way they were well aware of back-ups. As
> soon as possible, the Navy people photographed the key information in
> case the originals got lost (plane crashes etc) before the precious
> stuff got back to Bletchley Hall.


It was harder to crack because the Navy machine was superior.

>
> There are serious sovereignty issues with this sort of thing and as a
> citizen I would expect the Government agencies concerned with national
> security (including trade issues) to take all practicable steps to best
> protect NZ's strategic communications and information.
>
> Trusting this sort of thing to a foreign company with limited source
> code audit rights with potentially heaps of code to go through, and
> involving software systems that are insecure by design is just not good
> enough.
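
The flaw mentioned in the reply above, that no letter could be decoded as itself, is what lets a guessed word such as "wetter" be lined up against a message. The following is an added example, not part of the original post: a toy three-rotor machine using the published Enigma I rotor I-III and reflector B wirings, with a crib-placement check run over a constructed message. Assumptions: no plugboard, no ring settings, simplified odometer stepping; the function names are hypothetical.

```python
import string

A = string.ascii_uppercase
# Published wirings of Enigma I rotors I-III and reflector B.
ROTORS = ["EKMFLGDQVZNTOWYHXUSPAIBRCJ",
          "AJDKSIRUXBLHWTMCQGZNPYFVOE",
          "BDFHJLCPRTXVZNYEIWGAKMUSQO"]
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"  # an involution with no fixed point

def through(wiring, offset, c, inverse=False):
    """Pass contact c (0-25) through a rotor turned by `offset` steps."""
    shifted = (c + offset) % 26
    out = wiring.index(A[shifted]) if inverse else A.index(wiring[shifted])
    return (out - offset) % 26

def enigma(text, start=(0, 0, 0)):
    """Toy machine (assumption: no plugboard, no rings, odometer stepping)."""
    pos = list(start)  # left, middle, right rotor positions
    out = []
    for ch in text:
        for i in (2, 1, 0):  # step right rotor, carry leftwards on wrap
            pos[i] = (pos[i] + 1) % 26
            if pos[i] != 0:
                break
        c = A.index(ch)
        for i in (2, 1, 0):  # right to left through the rotors
            c = through(ROTORS[i], pos[i], c)
        c = A.index(REFLECTOR[c])  # the reflector never returns its input
        for i in (0, 1, 2):  # back through the rotors, left to right
            c = through(ROTORS[i], pos[i], c, inverse=True)
        out.append(A[c])
    return "".join(out)

def crib_positions(cipher, crib):
    """Offsets where the crib can sit: nowhere does a letter meet itself."""
    n = len(crib)
    return [i for i in range(len(cipher) - n + 1)
            if all(p != c for p, c in zip(crib, cipher[i:i + n]))]

# Constructed sample message, not a historical intercept.
PLAIN = "ANXALLEXWETTERBERICHTXFUERXDIEXNACHT"
CIPHER = enigma(PLAIN)

if __name__ == "__main__":
    ok = crib_positions(CIPHER, "WETTER")
    print(CIPHER)
    print("possible offsets:", ok)
    print("ruled out:", len(CIPHER) - len("WETTER") + 1 - len(ok))
```

Because the reflector has no fixed point, the true offset of the crib always survives the filter, while every offset where a crib letter coincides with a ciphertext letter is eliminated without testing a single key.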