Comment by lazide

3 years ago

Would you really want every random corporation having some random person pick from the list of open source cipher packages? Which, last I checked, still included things like 3DES, MD5, etc.

You might as well hand a drunk monkey a loaded submachine gun.

Every random corporation having some random person picking from a list of open source cipher packages isn't the only alternative to strictly requiring the algorithm be NIST approved. It may be the worst possible alternative one could conceive though, and one that would probably take more work to do than something more reasonable anyways.

Surely I'm misunderstanding, are you really advocating that people should roll their own encryption algorithms from scratch? As in, they should invent novel and secure algorithms in isolation? And this should happen.... at every major enterprise or software company in the world?

  • You are completely misunderstanding, yes.

    I'm saying some standards body is appropriate for validating/vetting algorithms, and having a standards body advocate for known reasonable ones is... reasonable and desirable.

    That NIST has a history of being compromised by the NSA (and other standards bodies would likely similarly be a target), is a problem. But having everyone 'figure it out' on their own is even worse. 'hand a drunk monkey a loaded submachine gun' worse.

    • > That NIST has a history of being compromised by the NSA is a problem.

      It's a disqualifying problem. If you go to a standards body to prevent yourself from making unintentional mistakes, and they have introduced intentional mistakes, any other reasonable option is better.

Is it your view that the only way a group of humans can come together to make intelligent decisions as a group is as part of a national government? Why can't an organization of private individuals do so?