[cryptography] the spell is broken

ianG iang at iang.org
Wed Oct 2 11:41:21 EDT 2013


October 02, 2013
Silent Circle moves away from NIST cryptographic standards, cites NSA 
The company plans to replace AES and SHA-2 with Twofish and Skein in its 
encrypted communication services
By Lucian Constantin | IDG News Service

Silent Circle, a provider of encrypted mobile Voice over Internet 
Protocol (VoIP) and text messaging apps and services, will stop using 
the Advanced Encryption Standard (AES) cipher and Secure Hash Algorithm 
2 (SHA-2) hash functions as default cryptographic algorithms in its 

[ Build and deploy an effective line of defense against corporate 
intruders with InfoWorld's Encryption Deep Dive PDF expert guide. 
Download it today! | Stay up to date on the latest security developments 
with InfoWorld's Security Central newsletter. ]

"We are going to replace our use of the AES cipher with the Twofish 
cipher, as it is a drop-in replacement," Silent Circle CTO Jon Callas 
said Monday in a blog post. "We are going to replace our use of the 
SHA-2 hash functions with the Skein hash function. We are also examining 
using the Threefish cipher where that makes sense."

The company also plans to stop using P-384, one of the elliptic curves 
recommended by the NIST for use in elliptic curve cryptography (ECC).
Silent Circle plans to replace the P-384 elliptic curve with one or more 
curves that are being designed by cryptographers Daniel Bernstein and 
Tanja Lange, who have argued in the past that Suite B elliptic curves 
are weak.

"If the Suite B curves are intentionally bad, this would be a major 
breach of trust and credibility," Callas said. "Even in a passive case 
-- where the curves were thought to be good, but NSA cryptanalysts found 
weaknesses they have since exploited -- it would create a credibility 
gap of the highest order, and would be the smoking gun that confirms the 
Guardian articles."
Silent Circle's new decision to move away from AES, SHA-2 and the P-384 
curve doesn't mean that these standards are insecure, Callas said in the 
blog post. "It doesn't mean we think less of our friends at NIST, whom 
we have the utmost respect for; they are victims of the NSA's perfidy, 
along with the rest of the free world. For us, the spell is broken. 
We're just moving on."
Asked why Twofish and Skein in particular were chosen to be the new 
default choices for Silent Circle's products, Callas said via email that 
both algorithms come from trusted sources, including himself in the case 
of Skein.

Twofish was a finalist in the NIST's selection of the AES cipher, and 
the team that developed it included people that Silent Circle's 
co-founders personally know and trust, he said. "A number of the same 
people produced Skein -- which was a SHA-3 finalist -- and I am a member 
of the Skein team."

For Silent Circle this was a "decision of conscience," Callas said. "Our 
primary responsibility is to protect our customers, especially in the 
face of uncertainty."

More information about the cryptography mailing list