[cryptography] Dual_EC_DRBG was cooked, but not AES?

Tony Arcieri bascule at gmail.com
Sun Sep 22 13:25:35 EDT 2013

On Sun, Sep 22, 2013 at 7:05 AM, Ed Stone <temp at synernet.com> wrote:

> There was some criticism from various parties, including from public-key
> cryptography pioneers Martin Hellman and Whitfield Diffie,[2] citing a
> shortened key length and the mysterious "S-boxes" as evidence of improper
> interference from the NSA. The suspicion was that the algorithm had been
> covertly weakened by the intelligence agency so that they — but no-one else
> — could easily read encrypted messages.[3] Alan Konheim (one of the
> designers of DES) commented, "We sent the S-boxes off to Washington. They
> came back and were all different."[4]

It's now known that the NSA selected S-boxes that hardened the algorithm
against differential cryptanalysis. Furthermore, 3DES continues to remain a
viable cipher.

See: http://www.cosic.esat.kuleuven.be/publications/article-2335.pdf

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130922/35a0ccfb/attachment.html>

More information about the cryptography mailing list