<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>AES is brutally tough to really get right. </div><div><br></div><div>ECB mode is basically plaintext. CBC is heavily under fire with a series of published issues (it's time to move to AES-GCM mode). You also need unique random IVs per message in AES-CBC code, and most languages' default random number generation is poor at best.</div>
<div><br></div><div>And my comments were not a call to action, but a statement of my personal choice. Serpent in particular (one of the same NIST finalists that competed with AES) takes a much more conservative approach.</div>
<div><br></div><div>So yea, keep on rocking AES if you like, but proceed with caution. Some of the best applied crypto folks I know have gotten it wrong.</div><div><br></div><div>And as for the NSA? Geesh, I don't know what the truth is. At best they missed an important vuln. Happens to everyone. At worst they found the vuln and didn't tell us. Who knows.</div>
<div><br></div><div>I received fun hate mail over this. So to help ease everyone's nerves, let me leave you with an awesome compilation of cute cat videos.</div><div><br></div><div><span style="font-family:'.HelveticaNeueUI';font-size:15px;line-height:19px;white-space:nowrap"><a href="http://www.youtube.com/watch?v=xEhaVhta7sI">http://www.youtube.com/watch?v=xEhaVhta7sI</a></span></div>
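<div><br></div><div>Added example (an editor's illustration, not part of this thread or of ESAPI) of the mode points above, written in Java since the thread concerns ESAPI for Java: AES-ECB repeats ciphertext blocks for repeated plaintext blocks, AES-CBC with a reused IV reveals that two messages share a prefix while fresh SecureRandom IVs do not, and AES-GCM with a random 96-bit nonce rejects tampered ciphertext. The class name, the all-zero demo key and the sample plaintext are constructed for the demo.</div>

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ModeLeakDemo {
    // Constructed all-zero demo key; real code loads keys from a key store, never a literal.
    static final SecretKeySpec KEY = new SecretKeySpec(new byte[16], "AES");
    static final SecureRandom RNG = new SecureRandom(); // CSPRNG, not java.util.Random
    static byte[] randomBytes(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }
    static byte[] cbcEncrypt(byte[] pt, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new IvParameterSpec(iv));
        return c.doFinal(pt);
    }
    static boolean firstBlocksEqual(byte[] a, byte[] b) {
        return Arrays.equals(Arrays.copyOf(a, 16), Arrays.copyOf(b, 16));
    }
    public static void main(String[] args) throws Exception {
        // Constructed plaintext: one 16-byte block repeated, so exactly two AES blocks, no padding.
        byte[] pt = new byte[32];
        for (int i = 0; i < 32; i++) pt[i] = (byte) "ATTACK AT DAWN!!".charAt(i % 16);
        byte[] other = pt.clone(); other[31] ^= 1; // second message sharing only its first block
        // ECB: equal plaintext blocks give equal ciphertext blocks, so structure leaks (prints true).
        Cipher ecb = Cipher.getInstance("AES/ECB/NoPadding");
        ecb.init(Cipher.ENCRYPT_MODE, KEY);
        byte[] ct = ecb.doFinal(pt);
        System.out.println("ECB repeats blocks: " + firstBlocksEqual(ct, Arrays.copyOfRange(ct, 16, 32)));
        // CBC with a reused IV: equal first ciphertext blocks reveal the shared prefix (true).
        byte[] reusedIv = new byte[16];
        System.out.println("CBC reused IV leaks prefix: "
            + firstBlocksEqual(cbcEncrypt(pt, reusedIv), cbcEncrypt(other, reusedIv)));
        // CBC with a fresh SecureRandom IV per message: no such relation (false).
        System.out.println("CBC fresh IVs leak prefix: "
            + firstBlocksEqual(cbcEncrypt(pt, randomBytes(16)), cbcEncrypt(other, randomBytes(16))));
        // AES-GCM: fresh 96-bit nonce per message and a 128-bit tag, so tampering is detected.
        byte[] nonce = randomBytes(12);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, nonce));
        byte[] sealed = gcm.doFinal(pt); // ciphertext followed by the 16-byte tag
        sealed[0] ^= 1;                  // flip one ciphertext bit
        gcm.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(128, nonce));
        try { gcm.doFinal(sealed); System.out.println("GCM accepted tampered data?!"); }
        catch (AEADBadTagException e) { System.out.println("GCM rejected tampered ciphertext"); }
    }
}
```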
<div><br><div>Aloha,</div><div>--</div><div>Jim Manico</div><div>@Manicode</div><div>(808) 652-3805</div></div><div><br>On Sep 15, 2013, at 5:53 AM, Christian Heinrich <<a href="mailto:christian.heinrich@cmlh.id.au">christian.heinrich@cmlh.id.au</a>> wrote:<br>
<br></div><blockquote type="cite"><div><span>Jim,</span><br><span></span><br><span>I know the person who created the Java reference implementation of</span><br><span>each AES candidate which were submitted to NIST and from memory (i.e.</span><br>
<span>this was a long time ago so I could be wrong) these are</span><br><span><a href="http://cryptix.org/aes.tar.gz">http://cryptix.org/aes.tar.gz</a>.</span><br><span></span><br><span>I have deliberately not named him to uphold his reputation but it can</span><br>
<span>be found within the CVS and various public mailing list archive hosted</span><br><span>at <a href="http://cryptix.org/">http://cryptix.org/</a></span><br><span></span><br><span>This person has resided in Australia for over 20 years and they were</span><br>
<span>not born in the USA. Therefore, there was no collusion or influence</span><br><span>exerted by NIST but they did send their certificate of appreciation to</span><br><span>him (for the reason below).</span><br><span></span><br>
<span>I also believe that this person did *not* receive financial reward or</span><br><span>income from any of the commercial companies or cryptographer(s).</span><br><span></span><br><span>Furthermore, he also contributed to</span><br>
<span><a href="http://www.gnu.org/software/gnu-crypto/">http://www.gnu.org/software/gnu-crypto/</a> and you would already be aware</span><br><span>of their high standards related to FOSS.</span><br><span></span><br><span>The selection of AES was governed by peer review and the incentive for</span><br>
<span>each cryptographer was to undertake cryptanalysis of the other AES</span><br><span>candidates.</span><br><span></span><br><span>NIST involvement was the selection based on the size and speed (i.e.</span><br><span>*not* security since this was independently verified by the process</span><br>
<span>described above).  There are four other AES candidates (besides</span><br><span>Rijndael) of which cryptanalysis was not successful at the time [of</span><br><span>AES].</span><br><span></span><br><span>Please let me know if you require further information?</span><br>
<span></span><br><span>I would appreciate it if you would formally withdraw your comment too in</span><br><span>light of the above information?</span><br><span></span><br><span></span><br><span></span><br><span>On Sun, Sep 15, 2013 at 10:28 AM, Wong Onn Chee <<a href="mailto:ocwong@usa.net">ocwong@usa.net</a>> wrote:</span><br>
<blockquote type="cite"><span>FYI, folks.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Best Regards</span><br></blockquote><blockquote type="cite"><span>Onn Chee</span><br>
</blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>"I say all security vulnerabilities are software-based. Prove me wrong if you dare"</span><br></blockquote><blockquote type="cite">
<span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>-------- Original Message --------</span><br></blockquote>
<blockquote type="cite"><span>Subject:        [Owasp-leaders] NIST, the NSA and fun with crypto reviews</span><br></blockquote><blockquote type="cite"><span>Date:   Sat, 14 Sep 2013 19:28:01 -0400</span><br></blockquote><blockquote type="cite">
<span>From:   Jim Manico</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite">
<span>I am personally aborting NIST standards when I can.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>From AES -> Serpent and Twofish <a href="http://en.wikipedia.org/wiki/Serpent_(cipher)">http://en.wikipedia.org/wiki/Serpent_(cipher)</a> and <a href="http://en.wikipedia.org/wiki/Twofish">http://en.wikipedia.org/wiki/Twofish</a></span><br>
</blockquote><blockquote type="cite"><span>From SHA -> Whirlpool <a href="http://en.wikipedia.org/wiki/Whirlpool_(cryptography)">http://en.wikipedia.org/wiki/Whirlpool_(cryptography)</a></span><br></blockquote><blockquote type="cite">
<span></span><br></blockquote><blockquote type="cite"><span>And as for the NSA subverting crypto standards, take a look at our own experience at the ESAPI for Java project.</span><br></blockquote><blockquote type="cite"><span></span><br>
</blockquote><blockquote type="cite"><span>Back in June 2010 the NSA graciously agreed to review the crypto of the ESAPI for Java project:</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite">
<blockquote type="cite"><span>[Esapi-dev] NSA to perform ESAPI review</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span><a href="http://lists.owasp.org/pipermail/esapi-dev/2010-June/000816.html">http://lists.owasp.org/pipermail/esapi-dev/2010-June/000816.html</a></span><br>
</blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The made a few suggestions to make it "stronger" but otherwise validated our implementation.</span><br>
</blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Now flash forward to this month.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite">
<blockquote type="cite"><span>[Esapi-dev] ESAPI Java and Authenticated encryption implementation</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span><a href="http://lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html">http://lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html</a></span><br>
</blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>They did not add anything that was malicious, but Ooops! they missed something important.</span><br></blockquote>
<blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The has been fixed, however.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><blockquote type="cite">
<span>[Esapi-dev] Crypto and the "ESAPI for Java" release 2.1.0</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span><a href="http://lists.owasp.org/pipermail/esapi-dev/2013-September/002291.html">http://lists.owasp.org/pipermail/esapi-dev/2013-September/002291.html</a></span><br>
</blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>We live in interesting times.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite">
<span>Aloha,</span><br></blockquote><blockquote type="cite"><span>Jim</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>FYI: From NY Times <<a href="http://j.mp/1degxpA">http://j.mp/1degxpA</a>>:</span><br>
</blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Cryptographers have long suspected that the [NSA] planted vulnerabilities</span><br>
</blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>in a standard adopted in 2006 by the National Institute of Standards and</span><br></blockquote></blockquote>
</blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Technology and later by the International Organization for Standardization,</span><br></blockquote></blockquote></blockquote><blockquote type="cite">
<blockquote type="cite"><blockquote type="cite"><span>which has 163 countries as members.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote>
<blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Note that I am explicitly not stating an opinion, just forwarding</span><br>
</blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>potentially related information.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote>
</blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>On Fri, Sep 13, 2013 at 3:02 PM, Bev Corwin wrote:</span><br></blockquote>
</blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>NIST seeks early adopters of draft cybersecurity framework</span><br>
</blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">
<span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> <a href="http://insidecybersecurity.com/Cyber-Daily-News/Daily-News/nist-seeks-early-adopters-of-draft-cybersecurity-framework/menu-id-1075.html#!">http://insidecybersecurity.com/Cyber-Daily-News/Daily-News/nist-seeks-early-adopters-of-draft-cybersecurity-framework/menu-id-1075.html#!</a></span><br>
</blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">
<span> Bev</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><span></span><br>
</blockquote><blockquote type="cite"><span>_______________________________________________</span><br></blockquote><blockquote type="cite"><span>Owasp-singapore mailing list</span><br></blockquote><blockquote type="cite"><span><a href="mailto:Owasp-singapore@lists.owasp.org">Owasp-singapore@lists.owasp.org</a></span><br>
</blockquote><blockquote type="cite"><span><a href="https://lists.owasp.org/mailman/listinfo/owasp-singapore">https://lists.owasp.org/mailman/listinfo/owasp-singapore</a></span><br></blockquote><span></span><br><span></span><br>
<span></span><br><span>-- </span><br><span>Regards,</span><br><span>Christian Heinrich</span><br><span></span><br><span><a href="http://cmlh.id.au/contact">http://cmlh.id.au/contact</a></span><br></div></blockquote></body></html>