[cryptography] the spell is broken
iang at iang.org
Wed Oct 2 11:41:21 EDT 2013
October 02, 2013
Silent Circle moves away from NIST cryptographic standards, cites NSA
The company plans to replace AES and SHA-2 with Twofish and Skein in its
encrypted communication services
By Lucian Constantin | IDG News Service
Silent Circle, a provider of encrypted mobile Voice over Internet
Protocol (VoIP) and text messaging apps and services, will stop using
the Advanced Encryption Standard (AES) cipher and Secure Hash Algorithm
2 (SHA-2) hash functions as default cryptographic algorithms in its
[ Build and deploy an effective line of defense against corporate
intruders with InfoWorld's Encryption Deep Dive PDF expert guide.
Download it today! | Stay up to date on the latest security developments
with InfoWorld's Security Central newsletter. ]
"We are going to replace our use of the AES cipher with the Twofish
cipher, as it is a drop-in replacement," Silent Circle CTO Jon Callas
said Monday in a blog post. "We are going to replace our use of the
SHA-2 hash functions with the Skein hash function. We are also examining
using the Threefish cipher where that makes sense."
The company also plans to stop using P-384, one of the elliptic curves
recommended by the NIST for use in elliptic curve cryptography (ECC).
Silent Circle plans to replace the P-384 elliptic curve with one or more
curves that are being designed by cryptographers Daniel Bernstein and
Tanja Lange, who have argued in the past that Suite B elliptic curves
"If the Suite B curves are intentionally bad, this would be a major
breach of trust and credibility," Callas said. "Even in a passive case
-- where the curves were thought to be good, but NSA cryptanalysts found
weaknesses they have since exploited -- it would create a credibility
gap of the highest order, and would be the smoking gun that confirms the
Silent Circle's new decision to move away from AES, SHA-2 and the P-384
curve doesn't mean that these standards are insecure, Callas said in the
blog post. "It doesn't mean we think less of our friends at NIST, whom
we have the utmost respect for; they are victims of the NSA's perfidy,
along with the rest of the free world. For us, the spell is broken.
We're just moving on."
Asked why Twofish and Skein in particular were chosen to be the new
default choices for Silent Circle's products, Callas said via email that
both algorithms come from trusted sources, including himself in the case
Twofish was a finalist in the NIST's selection of the AES cipher, and
the team that developed it included people that Silent Circle's
co-founders personally know and trust, he said. "A number of the same
people produced Skein -- which was a SHA-3 finalist -- and I am a member
of the Skein team."
For Silent Circle this was a "decision of conscience," Callas said. "Our
primary responsibility is to protect our customers, especially in the
face of uncertainty."
More information about the cryptography