[Owasp-leaders] NIST, the NSA and fun with crypto reviews
tobias.gondrom at owasp.org
Sun Sep 15 13:44:54 UTC 2013
I haven't given up on NIST, just yet.
IMHO, AES and SHA-2 (and the upcoming SHA-3) are probably safe, the
trick is the implementation. (and I could imagine the NSA might have
subverted quite a number of implementations...)
But the algorithms themselves are public and the crypto community has
put quite some effort into scrutinizing, analyzing and breaking them.
As NIST is under US government control, its statements have of
course to be seen in a new light after the broad attempts of the NSA and
the US government to subvert crypto.
But, consider that NIST is using outside resources including the NSA
like other organisations, too.
So do many other open organisations like the IETF and we at OWASP, too
(just see that the NSA was looking at our ESAPI, and that we are per
definition open to all contributors....).
That means that these outside resources can try to manipulate and try to
subvert or exploit open organisations for their own goals. So the
general truth holds: be careful what you eat and diversity of
contributors and peer review are vital for good projects. When I see
standards written by only one person or only one organisation (e.g. the
NSA), it makes sense to question their motives and whether this is the
best technology to choose.
Having said that, at this moment I see that NIST has fallen prey to NSA
activities (and possibly collaborated in some cases), but IMHO that does
not necessarily mean to abandon everything they did in total when it
comes to some of the crypto standards which received a broad public
review from many crypto scientists around the world.
All the best, Tobias
On 15/09/13 00:28, Jim Manico wrote:
> I am personally aborting NIST standards when I can.
> From AES -> Serpent and Twofish http://en.wikipedia.org/wiki/Serpent_(cipher) and http://en.wikipedia.org/wiki/Twofish
> From SHA -> Whirlpool http://en.wikipedia.org/wiki/Whirlpool_(cryptography)
> And as for the NSA subverting crypto standards, take a look at our own experience at the ESAPI for Java project.
> Back in June 2010 the NSA graciously agreed to review the crypto of the ESAPI for Java project:
>> [Esapi-dev] NSA to perform ESAPI review
> They made a few suggestions to make it "stronger" but otherwise validated our implementation.
> Now flash forward to this month.
>> [Esapi-dev] ESAPI Java and Authenticated encryption implementation
> They did not add anything that was malicious, but Ooops! they missed something important.
> This has been fixed, however.
>> [Esapi-dev] Crypto and the "ESAPI for Java" release 2.1.0
> We live in interesting times.
>> FYI: From NY Times <http://j.mp/1degxpA>:
>>> Cryptographers have long suspected that the [NSA] planted vulnerabilities
>>> in a standard adopted in 2006 by the National Institute of Standards and
>>> Technology and later by the International Organization for Standardization,
>>> which has 163 countries as members.
>> Note that I am explicitly not stating an opinion, just forwarding
>> potentially related information.
>> On Fri, Sep 13, 2013 at 3:02 PM, Bev Corwin <bev.corwin at owasp.org> wrote:
>>> NIST seeks early adopters of draft cybersecurity framework
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org