[cryptography] the spell is broken

James A. Donald jamesd at echeque.com
Fri Oct 4 01:56:49 EDT 2013


On 2013-10-04 08:54, Eric Murray wrote:
> NSA can act through people outside NIST too.

Committees tend to wind up controlled by evil conspiracies. That is 
another advantage of having standards set by an unelected president for 
life instead of a committee.

A committee multiplies the points of access for the conspiracy, while 
diffusing the responsibility for their misdeeds.

> By focusing on NIST we miss the larger problem.  Any cryptographer or
> security engineer can be compromised (or more likely, make a mistake).
> A good standard uses a public process, is well understood, has been
> examined by outside experts, and has no magic values.

We have all participated in committees, and know their propensity for 
stupidity, madness, and evil.

If one particular good cryptographer is disproportionately influential, 
his work will be well understood and examined by outside experts.

The more influential he is, the more examined he will be, and thus the 
more he will deserve to be influential, even if the initial reasons for 
his influence are arbitrary and capricious, a result of accident, 
publicity, and fashion.

As for public process, NIST does not in fact reliably follow its public 
process


