[Owasp-leaders] [Owasp-singapore] Fwd: NIST, the NSA and fun with crypto reviews

Jim Manico jim.manico at owasp.org
Sun Sep 15 12:01:54 UTC 2013

AES is brutally tough to really get right.

ECB mode is basically plaintext. CBC is heavily under fire with a series of
published issues (it's time to move to AES-GCM mode). You also need unique
random IV's per message in AES-CBC code and most languages default random
number generation is poor at best.

And my comments were not a call to action, but a statement of my personal
choice. Serpent in particular (one of the same NIST finalists that competed
with AES) takes a much more conservative approach.

So yea, keep on rocking AES if you like, but proceed with caution. Some of
the best applied crypto folks I know have gotten it wrong.

And as for the NSA? Geesh, I don't know what the truth is. At best they
missed an important vuln. Happens to everyone. At worst they found the vuln
and didn't tell us. Who knows.

I received fun hate mail over this. So to help ease everyones nerves, let
me leave you with an awesome compilation of cute cat videos.


Jim Manico
(808) 652-3805

On Sep 15, 2013, at 5:53 AM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:


I know the person who created the Java reference implementation of
each AES candidate which were submitted to NIST and from memory (i.e.
this was a long time ago so I could be wrong) these are

I have deliberately not named him to uphold his reputation but it can
be found within the CVS and various public mailing list archive hosted
at http://cryptix.org/

This person has resided in Australia for over 20 years and they were
no born in the USA.   Therefore, there was no collusion or influence
exerted by NIST but they did send their certificate of appreciation to
him (for the reason below).

I also believe that this person did *not* receive financial reward or
income from any of the commercial companies or cryptographer(s).

Furthermore he also contributed
http://www.gnu.org/software/gnu-crypto/ and you would already be aware
of their high standards related to FOSS.

The selection of AES was governed by peer review and the incentive for
each cryptographer was to undertake cryptanalysis of the other AES

NIST involvement was the selection based on the size and speed (i.e.
*not* security since this was independently verified by the process
described above).  There are four other AES candidates (besides
Rijndael) of which cryptanalysis was not successful at the time [of

Please let me know if you require further information?

I would appreciate if you would formally withdraw your comment too in
light of the above information?

On Sun, Sep 15, 2013 at 10:28 AM, Wong Onn Chee <ocwong at usa.net> wrote:

FYI, folks.

Best Regards

Onn Chee

"I say all security vulnerabilities are software-based. Prove me wrong if
you dare"

-------- Original Message --------

Subject:        [Owasp-leaders] NIST, the NSA and fun with crypto reviews

Date:   Sat, 14 Sep 2013 19:28:01 -0400

From:   Jim Manico

I am personally aborting NIST standards when I can.

>From AES -> Serpent and Twofish
http://en.wikipedia.org/wiki/Serpent_(cipher) and

>From SHA -> Whirlpool http://en.wikipedia.org/wiki/Whirlpool_(cryptography)

And as for the NSA subverting crypto standards, take a look at our own
experience at the ESAPI for Java project.

Back in June 2010 the NSA graciously agreed to review the crypto of the
ESAPI for Java project:

[Esapi-dev] NSA to perform ESAPI review


The made a few suggestions to make it "stronger" but otherwise validated
our implementation.

Now flash forward to this month.

[Esapi-dev] ESAPI Java and Authenticated encryption implementation


They did not add anything that was malicious, but Ooops! they missed
something important.

The has been fixed, however.

[Esapi-dev] Crypto and the "ESAPI for Java" release 2.1.0


We live in interesting times.



FYI: From NY Times <http://j.mp/1degxpA>:

Cryptographers have long suspected that the [NSA] planted vulnerabilities

in a standard adopted in 2006 by the National Institute of Standards and

Technology and later by the International Organization for Standardization,

which has 163 countries as members.

Note that I am explicitly not stating an opinion, just forwarding

potentially related information.

On Fri, Sep 13, 2013 at 3:02 PM, Bev Corwin wrote:

NIST seeks early adopters of draft cybersecurity framework




Owasp-singapore mailing list

Owasp-singapore at lists.owasp.org


Christian Heinrich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130915/082d8a12/attachment.html>

More information about the OWASP-Leaders mailing list