Comment by glitchc

3 years ago

Many government or government affiliated organizations are required to comply with NIST approved algorithms by regulation or for interoperability. If NIST cannot be trusted as a reputable source it leaves those organizations in limbo. They are not equipped to roll their own crypto and even if they did, it would be a disaster.

14 comments

glitchc

Reply
icodestuff  3 years ago

"Other people have no choice but to trust NIST" is not a good argument for trusting NIST. Somehow I don't imagine the NSA is concerned about -- and is probably actively in favor of -- those organizations having backdoors.

  • wmf  3 years ago

    It's an argument for fixing NIST so that it is trustworthy again.

    • throwaway654329  3 years ago

      This.

      One wonders if NIST can be fixed or if it should simply be abolished with all archives opened in the interest of restoring faith in the government. The damage done by NSA and NIST is much larger than either of those organizations.

      1 reply →

zamadatix  3 years ago

"Roll your own crypto" typically refers to making your own algorithm or implementation of an algorithm not choosing the algorithm.

  • lazide  3 years ago

    Would you really want every random corporation having some random person pick from the list of open source cipher packages? Which last I checked , still included things like 3DES, MD5, etc.

    You might as well hand a drunk monkey a loaded sub machine gun.

    • zamadatix  3 years ago

      Every random corporation having some random person picking from a list of open source cipher packages isn't the only alternative to strictly requiring the algorithm be NIST approved. It may be the worst possible alternative one could conceive though, and one that would probably take more work to do than something more reasonable anyways.

    • CodeSgt  3 years ago

      Surely I'm misunderstanding, are you really advocating that people should roll their own encryption algorithms from scratch? As in, they should invent novel and secure algorithms in isolation? And this should happen.... at every major enterprise or software company in the world?

      4 replies →

    • lupire  3 years ago

      Is it your view that the only way a group of humans can come together to make intelligent decisions and a group, is part of a national government? Why can't an organization of private individuals do so?