[cryptography] the spell is broken
James A. Donald
jamesd at echeque.com
Fri Oct 4 01:56:49 EDT 2013
On 2013-10-04 08:54, Eric Murray wrote:
> NSA can act through people outside NIST too.
Committees tend to wind up controlled by evil conspiracies. That is
another advantage of having standards set by an unelected president for
life instead of a committee.
A committee multiplies the points of access for the conspiracy, while
diffusing the responsibility for their misdeeds.
> By focusing on NIST we miss the larger problem. Any cryptographer or
> security engineer can be compromised (or more likely, make a mistake).
> A good standard uses a public process, is well understood, has been
> examined by outside experts, and has no magic values.
We have all participated in committees, and know their propensity for
stupidity, madness, and evil.
If one particular good cryptographer is disproportionately influential,
his work will be well understood and examined by outside experts.
The more influential he is, the more examined he will be, and thus the
more he will deserve to be influential, even if the initial reasons for
his influence are arbitrary and capricious, a result of accident,
publicity, and fashion.
As for public process, NIST does not in fact reliably follow its public
More information about the cryptography