[cryptography] [info] The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)

ianG iang at iang.org
Wed Mar 21 21:54:30 EDT 2012


On 19/03/12 12:31 PM, ianG wrote:

> ... So after a lot of colour, it is not clear if they can break AES.
> Yet. OK. But that is their plan. And they think they can do it, within
> their foreseeable future.


So, step into NSA's shoes.  If there is a timeline here we (NSA) worked 
out we can break AES "soon" ... what would we do?

Would we impress everyone in the world as to how strong it was and push 
NIST to standardise it as much as possible?  Plausible given that 
everyone follows NIST's lead without question.  The Suite B sweetener is 
aptly named, nobody seems to have missed the sour taste of Suite A ;-)

Would we propose or advance some modes or protocols above others?

What I'm getting at here is things like CTR mode.  It seems that this 
mode reduces the obfuscations of CBC to make AES the sole and only 
fulcrum of strength.  Nice, clear and simple.  But, assuming a 
predictable counter, we have lots of ciphertext with a clear 
relationship.  So CTR is easier to crack assuming a big machine that 
makes the local county brown-out every time someone wants to read a 
conversation.

Or, is the advantage that CBC and other modes have - obfuscation of the 
ciphertext with variation stolen from the plaintext - of such low value 
in the scheme of things that these things make no difference?  Is the 
choice of mode irrelevant if AES has a weakness?

iang



(context here is that I am examining an older protocol of mine with 
thought of replacing it, and wonder which mode to prefer...)

(thinking about it more, my normal rule of "ignore the NSA always" 
should answer this :) )
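
An added example, not part of the original message: it shows what the block cipher is actually fed in CTR and CBC, and what input/output pairs an observer who knows the plaintext can reconstruct in each mode. The 4-round Feistel cipher is a toy stand-in for AES (an assumption made so the code runs with the standard library only), and the key, nonce, IV, plaintext and all function names are constructed for this illustration.

```python
import hashlib

BLOCK = 16  # bytes, same block size as AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel over SHA-256: a toy stand-in for AES, NOT secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ctr_encrypt(key, nonce, plaintext):
    # Keystream block i = E_K(nonce || i); the plaintext never enters the cipher.
    return b"".join(
        xor(p, toy_encrypt_block(key, nonce + i.to_bytes(8, "big")))
        for i, p in enumerate(blocks(plaintext)))

def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for p in blocks(plaintext):
        prev = toy_encrypt_block(key, xor(p, prev))  # C_i = E_K(P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)

def observed_pairs_ctr(nonce, known_pt, ct):
    """(cipher input, cipher output) pairs visible to a known-plaintext observer."""
    return [(nonce + i.to_bytes(8, "big"), xor(p, c))
            for i, (p, c) in enumerate(zip(blocks(known_pt), blocks(ct)))]

def observed_pairs_cbc(iv, known_pt, ct):
    prevs = [iv] + blocks(ct)[:-1]  # the IV and earlier ciphertext are public
    return [(xor(p, prev), c)
            for p, prev, c in zip(blocks(known_pt), prevs, blocks(ct))]

def bit_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x).count("1") for x in xor(a, b))

# Constructed sample values (fixed so the run is repeatable).
KEY = bytes(range(16))
NONCE = bytes.fromhex("a1a2a3a4a5a6a7a8")   # 8-byte nonce + 8-byte counter
IV = bytes.fromhex("00112233445566778899aabbccddeeff")
PLAINTEXT = b"sixteen byte blk" * 4
```

With known plaintext, both modes hand the observer exact input/output pairs for the bare cipher; the difference is that CTR's inputs are consecutive counters while CBC's inputs are pseudo-random values.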


