[cryptography] the spell is broken

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 3 20:15:48 EDT 2013


"James A. Donald" <jamesd at echeque.com> writes:

>By moving away from anything NIST has touched he deprives the NSA of leverage
>to insert backdoors,

Just as a bit of a counterpoint here, how far do you want to go down this
rathole?  Someone recently pointed me to the latest CERT vuln. summary
(because of a few interesting entries there):

https://www.us-cert.gov/ncas/bulletins/SB13-273

Now this is just a single weeks' worth, and yet look at all the remote-code-
execution and seize-control-of-device issues in just that seven-day stretch.
The NSA doesn't really need to backdoor crypto when the barn door isn't just
propped wide open, it's entirely missing in some cases.

(I completely support Jon's position in terms of being seen to do the right
thing, but there are more things to worry about than just backdoored crypto).

Peter.


More information about the cryptography mailing list