[Owasp-leaders] [Owasp-singapore] Fwd: NIST, the NSA and fun with crypto reviews
jim.manico at owasp.org
Sun Sep 15 12:01:54 UTC 2013
AES is brutally tough to really get right.
ECB mode is basically plaintext. CBC is heavily under fire with a series of
published issues (it's time to move to AES-GCM mode). You also need unique
random IVs per message in AES-CBC code, and most languages' default random
number generation is poor at best.
And my comments were not a call to action, but a statement of my personal
choice. Serpent in particular (one of the same NIST finalists that competed
with AES) takes a much more conservative approach.
So yea, keep on rocking AES if you like, but proceed with caution. Some of
the best applied crypto folks I know have gotten it wrong.
And as for the NSA? Geesh, I don't know what the truth is. At best they
missed an important vuln. Happens to everyone. At worst they found the vuln
and didn't tell us. Who knows.
I received fun hate mail over this. So to help ease everyone's nerves, let
me leave you with an awesome compilation of cute cat videos.
On Sep 15, 2013, at 5:53 AM, Christian Heinrich <christian.heinrich at cmlh.id.au> wrote:
I know the person who created the Java reference implementation of
each AES candidate which were submitted to NIST and from memory (i.e.
this was a long time ago so I could be wrong) these are
I have deliberately not named him to uphold his reputation but it can
be found within the CVS and various public mailing list archive hosted
This person has resided in Australia for over 20 years and they were
not born in the USA. Therefore, there was no collusion or influence
exerted by NIST but they did send their certificate of appreciation to
him (for the reason below).
I also believe that this person did *not* receive financial reward or
income from any of the commercial companies or cryptographer(s).
Furthermore he also contributed
http://www.gnu.org/software/gnu-crypto/ and you would already be aware
of their high standards related to FOSS.
The selection of AES was governed by peer review and the incentive for
each cryptographer was to undertake cryptanalysis of the other AES
NIST involvement was the selection based on the size and speed (i.e.
*not* security since this was independently verified by the process
described above). There are four other AES candidates (besides
Rijndael) of which cryptanalysis was not successful at the time [of
Please let me know if you require further information?
I would appreciate if you would formally withdraw your comment too in
light of the above information?
On Sun, Sep 15, 2013 at 10:28 AM, Wong Onn Chee <ocwong at usa.net> wrote:
"I say all security vulnerabilities are software-based. Prove me wrong if
-------- Original Message --------
Subject: [Owasp-leaders] NIST, the NSA and fun with crypto reviews
Date: Sat, 14 Sep 2013 19:28:01 -0400
From: Jim Manico
I am personally aborting NIST standards when I can.
From AES -> Serpent and Twofish
From SHA -> Whirlpool http://en.wikipedia.org/wiki/Whirlpool_(cryptography)
And as for the NSA subverting crypto standards, take a look at our own
experience at the ESAPI for Java project.
Back in June 2010 the NSA graciously agreed to review the crypto of the
ESAPI for Java project:
[Esapi-dev] NSA to perform ESAPI review
They made a few suggestions to make it "stronger" but otherwise validated
Now flash forward to this month.
[Esapi-dev] ESAPI Java and Authenticated encryption implementation
They did not add anything that was malicious, but Ooops! they missed
This has been fixed, however.
[Esapi-dev] Crypto and the "ESAPI for Java" release 2.1.0
We live in interesting times.
FYI: From NY Times <http://j.mp/1degxpA>:
Cryptographers have long suspected that the [NSA] planted vulnerabilities
in a standard adopted in 2006 by the National Institute of Standards and
Technology and later by the International Organization for Standardization,
which has 163 countries as members.
Note that I am explicitly not stating an opinion, just forwarding
potentially related information.
On Fri, Sep 13, 2013 at 3:02 PM, Bev Corwin wrote:
NIST seeks early adopters of draft cybersecurity framework
Owasp-singapore mailing list
Owasp-singapore at lists.owasp.org
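Jim's reply at the top of this message makes three concrete points: CBC needs a unique random IV per message, that IV has to come from a proper CSPRNG rather than a language's default random number generator, and an authenticated mode such as AES-GCM is the safer default. The following Go program is an added example written for this archive page; it is not code from the thread, from ESAPI, or from any of the posters. Go is used because its standard library already carries AES-CBC, AES-GCM and an OS-backed CSPRNG. Every name in it (demoKey, cbcEncrypt, gcmSeal, gcmOpen, the demo functions) and all sample messages are constructed for the demonstration; the key is a fixed non-secret literal purely so the CBC comparison is reproducible.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed, non-secret AES-128 key; real keys come from a KDF or key store.
var demoKey = []byte("0123456789abcdef")

// randomBytes draws from the OS CSPRNG (crypto/rand), never math/rand.
func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// cbcEncrypt: unauthenticated AES-CBC under a caller-chosen IV, kept only to show
// what IV reuse leaks. pt must already be block-aligned (no padding is added).
func cbcEncrypt(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal encrypts and authenticates pt under a fresh random 96-bit nonce and
// returns nonce || ciphertext || tag, so the nonce travels with the message.
func gcmSeal(key, pt, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, aad), nil
}

// gcmOpen splits off the nonce and verifies the tag before releasing plaintext.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns+gcm.Overhead() {
		return nil, fmt.Errorf("sealed message too short: %d bytes", len(sealed))
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// cbcIVDemo: a reused (here all-zero) IV makes two messages sharing a first block
// give identical first ciphertext blocks; a fresh random IV per message does not.
func cbcIVDemo() (fixedIVLeaks, randomIVHides bool) {
	m1 := []byte("balance: 100 USDaccount: alice  ") // constructed, two 16-byte blocks
	m2 := []byte("balance: 100 USDaccount: bob    ")
	zeroIV := make([]byte, aes.BlockSize)
	c1, _ := cbcEncrypt(demoKey, zeroIV, m1) // errors ignored: key/IV sizes are fixed above
	c2, _ := cbcEncrypt(demoKey, zeroIV, m2)
	fixedIVLeaks = bytes.Equal(c1[:16], c2[:16]) && !bytes.Equal(c1[16:], c2[16:])
	ivs, _ := randomBytes(2 * aes.BlockSize) // two independent random IVs
	r1, _ := cbcEncrypt(demoKey, ivs[:16], m1)
	r2, _ := cbcEncrypt(demoKey, ivs[16:], m1) // same plaintext, different IV
	randomIVHides = !bytes.Equal(r1[:16], r2[:16])
	return
}

// gcmDemo: GCM returns the untouched message and rejects it once one bit flips.
func gcmDemo() (roundTrip, tamperDetected bool) {
	msg, aad := []byte("transfer 100 USD to alice"), []byte("msg-id:42") // constructed
	sealed, _ := gcmSeal(demoKey, msg, aad) // cannot fail for the fixed key above
	got, err := gcmOpen(demoKey, sealed, aad)
	roundTrip = err == nil && bytes.Equal(got, msg)
	sealed[12] ^= 0x01 // flip one bit in the first ciphertext byte after the nonce
	_, err = gcmOpen(demoKey, sealed, aad)
	return roundTrip, err != nil
}

func main() {
	f, r := cbcIVDemo()
	t, d := gcmDemo()
	fmt.Println("CBC fixed IV leaks prefix:", f, "| random IV hides it:", r, "| GCM ok:", t, "| tamper caught:", d)
}
```

Running it prints true for all four checks: with a constant IV the two account records share their first ciphertext block, so anyone watching the ciphertext learns that the first 16 bytes are the same; with an IV from crypto/rand even identical plaintexts diverge; and the GCM tag turns a one-bit modification into a decryption error instead of silently corrupted plaintext, which is the property unauthenticated CBC lacks. The nonce is stored in front of the ciphertext so the receiver never has to derive or remember it, and gcmOpen refuses inputs shorter than nonce plus tag before touching them.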