On 10/23/2013 10:43 AM, Stephen Kent wrote:
The major NIST crypto standards are the result of solicitations that are open to the world, at least in the recent past. AES was developed by two Belgians. SHA-3 is the result of work by more Belgians. Should we infer that NSA co-opted these Belgian crypto experts?
Since I've never participated in those processes, but did assume that the major benefit of open review would be assurance of 'valid' operation, I'm left with the conclusion that the compromised algorithms did not receive sufficiently diligent review.
Or is there some other aspect of the technology or process that would account for the cited algorithm weakness' slipping through?
I think it is appropriate to focus on specific NIST crypto standards that may have been inappropriately influenced, rather than assuming that every NIST crypto standard is suspect. So far, the only NIST crypto standard I've seen for which there appears to be an objectively-justified concern is the PRNG based on ECC.
This presumes that we/the-public know the full list of inappropriately influenced work and that there is a way of detecting inappropriate influence on future work.
Since such monitoring and alerting failed in the past, what will ensure its succeeding in the future?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
