On 09/05/2013 07:00 PM, Jon Callas wrote:

> I don't think they're actively bad, though. For the purpose they were created
> for -- parallelizable authenticated encryption -- it serves its purpose. You can
> have a decent implementor implement them right in hardware and walk away.

Given some of the things in the Snowden files, I think it has become the case
that one ought not trust any mass-produced crypto hardware.  It is clearly on
the agenda of the NSA to weaken the communications infrastructure of American
and other business, specifically at the level of chip manufacturers.  And
chips are too much of a black-box for anyone to easily inspect and too much
subject to IP/Copyright issues for anyone who does to talk much about what
they find.  Seriously; microplaning, micrography, analysis, and then you get
sued if you talk about what you find?  It's a losing game.

Given good open-source software, an FPGA implementation would provide greater
assurance of security. An FPGA burn-in rig can be built by hand if necessary,
or at the very least manufactured in a way that is subject to visual inspection
(i.e., on a one-layer circuit board with dead-simple 7400-series logic chips).
It would be a bit of a throwback these days, but we're deep into whom-can-you-trust
territory at this point and going for lower tech is worth it if it means
tech that you can still inspect and verify.


The cryptography mailing list