[cryptography] the spell is broken

Eric Murray ericm at lne.com
Thu Oct 3 18:54:05 EDT 2013


On 10/03/2013 03:22 PM, James A. Donald wrote:
> By moving away from anything NIST has touched he deprives the NSA of
> leverage to insert backdoors,

NSA can act through people outside NIST too.

By focusing on NIST we miss the larger problem.  Any cryptographer or
security engineer can be compromised (or more likely, make a mistake).
A good standard uses a public process, is well understood, has been
examined by outside experts, and has no magic values.   Following good
standards hygiene will reduce the instances of flawed standards, both
the accidental and the on purpose kind.

We will end up less secure if the current fear of NIST has people throw
out good standards and replace them with less studied ones or worse,
home grown stuff.

Eric


More information about the cryptography mailing list