[cryptography] the spell is broken

Paul Wouters paul at cypherpunks.ca
Thu Oct 3 18:04:47 EDT 2013

On Thu, 3 Oct 2013, Kelly John Rose wrote:

> In short, I feel that all trust for NIST has to be broken. It doesn't
> matter if AES or SHA-2 is broken or not broken. You cannot go into a
> security environment with a tool that is known to be compromised
> (NIST) and just hope and pray that the pieces you are using aren't the
> compromised pieces.

Reasoning that way, you're very quickly left with nothing but a tin foil
hat. Let's say we agree on twofish. Then NIST/NSA certifies it for FIPS.
Are we then taking that as proof it is compromised and figuring out
something else?

People forget the NSA has two faces. One side is good.  NIST and FIPS
and NSA are all related. One lesson here might be, only use FIPS when
the USG requires it. That said, a lot of FIPS still makes sense. I'm
surely not going to stick with md5 or sha1.

> There are alternatives, it doesn't hurt to get them in place.

Yes, like the IETF brainpool drafts.

The IETF is an independent body but only as good as the academic and
open cryptography community. And for those crypto people complaining
about the lack of crypto knowledge within the IETF, you have no excuse
not to participate. IETF carefully tries not to invent crypto.
