On 09/05/2013 07:00 PM, Jon Callas wrote:
> I don't think they're actively bad, though. For the purpose they were created for -- parallelizable authenticated encryption -- it serves its purpose. You can have a decent implementor implement them right in hardware and walk away.
Given some of the things in the Snowden files, I think it has become the case that one ought not trust any mass-produced crypto hardware. It is clearly on the agenda of the NSA to weaken the communications infrastructure of American and other business, specifically at the level of chip manufacturers. And chips are too much of a black-box for anyone to easily inspect and too much subject to IP/Copyright issues for anyone who does to talk much about what they find. Seriously; microplaning, micrography, analysis, and then you get sued if you talk about what you find? It's a losing game.

Given good open-source software, an FPGA implementation would provide greater assurance of security. An FPGA burn-in rig can be built by hand if necessary, or at the very least manufactured in a way that is subject to visual inspection (i.e., on a one-layer circuit board with dead-simple 7400-series logic chips). It would be a bit of a throwback these days, but we're deep into whom-can-you-trust territory at this point, and going for lower tech is worth it if it means tech that you can still inspect and verify.

Bear

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography