Re: [Cfrg] New red herring from NSA on cryptographic algorithms

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 29 January 2016 13:13 UTC

Sender: hallam@gmail.com
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4BDB857@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4BDB857@uxcn10-5.UoA.auckland.ac.nz>
Date: Fri, 29 Jan 2016 08:13:46 -0500
Message-ID: <CAMm+LwgSB1jE=G1jVKkrbpgwYDZQJ9SXN+ydOFE9CYAsf_gWXQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/B-HNyvBc3Ssl3M3Ha-IurB22_po>
Cc: IRTF CFRG <cfrg@irtf.org>, Russ Housley <housley@vigilsec.com>
Subject: Re: [Cfrg] New red herring from NSA on cryptographic algorithms

On Thu, Jan 28, 2016 at 11:25 PM, Peter Gutmann
<pgut001@cs.auckland.ac.nz> wrote:
> Phillip Hallam-Baker <phill@hallambaker.com> writes:
>
>>On the QC stuff. Of course we have to start looking at that now. But I think
>>we need to look at the problem on two separate tracks:
>>
>>1) Find a public key algorithm that resists QC using Shor's algorithm.
>>2) Find a mechanism that makes symmetric key feasible in place of public.
>
> You forgot step 0:
>
> 0) Figure out whether any of this stuff is actually necessary
>
> This is just a bunch of random numbers pulled out of thin air, just as Suite B
> was in its day, and CCEP was before that.  There's no empirical argument
> supporting any of this, just a huge what-if.  For all we know the entire
> document could have come about from a barroom bet, "Well Bill, you had them
> chasing the Suite B white elephant, Dave got them really good with Dual-EC,
> now it's my turn to see how high I can make them jump.  And best of all, TAO
> will love me for it because they'll have to throw out most of their already-
> deployed, partially-patched-up infrastructure and start again, leading to lots
> of new exploitable mistakes and errors".
>
> If you're worried about QC, why aren't you worried about TWINKLE/TWIRL, which
> is at least as feasible, if not more so, than QC, and has been around much
> longer?

TWINKLE/TWIRL is an attack we are concerned about. Hence the move to EC.

But you are right that the bigger problem is the lack of
infrastructure. Hence my Mathematical Mesh proposal.

Cryptography today is just too hard to get working. And getting it
right is harder still. Take a look at 'getting started' guides on the
net for SSH. They all have to get around the bootstrap problem of how
do you SSH to a terminal using public key auth before you have public
key auth in ugly and insecure ways. Either I am the only person
developing code who uses multiple machines or people solve the
usability problem by using the same private key on all their machines.
That would be OK if it was on a token but I kinda suspect most don't
do that.

I don't think you have quite got the NSA position right either. I
think this is a part of a realignment that Snowden has forced onto
them. The systemic problem in the agency is that it is 90% civilian
but the senior management is entirely composed of military officers
who will be sacked if they don't get a promotion every 18 months. Up
or out is a really shitty way to run any company, and not just because
of the cost to employees. It means that you are guaranteeing that the
senior management who should be the ones thinking about the long term
are focused like a laser on the short. Bad enough in industry, when
90% of your workforce is tenured civil service, it's catastrophic.

What Snowden revealed was a bunch of PowerPoint slides made by Majors
trying to make Colonel. And they were dressing everything they could
up in aggressive terms because all Alexander was interested in was
attack. The US has not been forced to fight a defensive war in over a
century. What all the Senators most likely to come to the defense of
the agency on PRISM etc. have in common is that they are due for
retirement.

So now the agency has to face the real possibility that its main
reason for being will vanish. They will probably be able to do some
surveillance in the future but it won't be pervasive. So they have to
find a new relevance and they are getting serious about the
cyber-engagement risks if they are going to maintain their funding in
the long term.
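The SSH usability complaint above (one private key copied onto every machine) has a server-side symptom: one key fingerprint authenticating from many different source addresses. The following is an added example, not code from the original mail or from the Mathematical Mesh project; it parses OpenSSH's "Accepted publickey" log lines (the sample lines, hosts, addresses and fingerprints below are constructed) and flags keys seen from more than a configurable number of sources.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines in OpenSSH's "Accepted publickey" format
# (assumed syslog-style prefix; hosts, addresses and fingerprints are made up).
SAMPLE_AUTH_LOG = """\
Jan 29 08:01:02 bastion sshd[1201]: Accepted publickey for alice from 10.0.1.10 port 51822 ssh2: ED25519 SHA256:FAKEfingerprint1
Jan 29 08:05:11 bastion sshd[1207]: Accepted publickey for alice from 10.0.2.20 port 40112 ssh2: ED25519 SHA256:FAKEfingerprint1
Jan 29 09:12:44 bastion sshd[1290]: Accepted publickey for alice from 192.0.2.77 port 38866 ssh2: ED25519 SHA256:FAKEfingerprint1
Jan 29 09:30:00 bastion sshd[1302]: Accepted publickey for bob from 10.0.1.11 port 52001 ssh2: RSA SHA256:FAKEfingerprint2
Jan 29 09:31:09 bastion sshd[1311]: Failed password for root from 198.51.100.5 port 22222 ssh2
"""

# Matches the successful public-key login line; password logins and failures are ignored.
ACCEPTED_RE = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<keytype>\S+) (?P<fp>SHA256:\S+)"
)


def key_sources(log_text):
    """Map (user, key fingerprint) -> set of source addresses that used that key."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            seen[(m["user"], m["fp"])].add(m["src"])
    return seen


def shared_key_suspects(log_text, max_sources=2):
    """Keys that authenticated from more than max_sources distinct addresses.

    A private key legitimately lives on one machine (or one token), so a single
    fingerprint arriving from many hosts is the pattern to investigate.
    """
    return {
        key: sorted(srcs)
        for key, srcs in key_sources(log_text).items()
        if len(srcs) > max_sources
    }


if __name__ == "__main__":
    for (user, fp), srcs in shared_key_suspects(SAMPLE_AUTH_LOG).items():
        print(f"{user} {fp} used from {len(srcs)} sources: {', '.join(srcs)}")
```

A roaming laptop or a jump host with agent forwarding can also produce several sources for one key, so the threshold and the source list should be read alongside what the key's owner actually uses; the check narrows the question, it does not answer it by itself.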