Comment by jmprspret
3 years ago
I believe you have a very naive and trusting view of these US governmental bodies. I don't intend that to be an insult, but by now I think the jury is out that these agencies cannot be trusted (the NSA less so, than NIST).
I'm not sure about corrupting NIST nor corrupting individual officials of NIST, but I can easily imagine NIST committees not understanding something, being tricked, not looking closely, protecting big orgs by default (without maliciousness), and overall being sloppy.
Running standards without full transparency, in my experiences of web security standards + web GPU standards is almost always due to hiding weaknesses, incompetence, security gaps of big players, & internal politics of these powerful incumbents. Think some hardware vendor not playing ball without guarantee of privacy, some Google/Apple committee member dragging their feet because of internal politics & monopoly plays. Separately, mistakes may come from standards committee member glossing over stuff in emails because they're busy: senior folks are the most technically qualified yet also most busy. Generally not because some NSA/CIA employee is telling them to do something sneaky or lying. Still FOIA-worthy (and why I rather public lists for standards), but for much lamer reasons.
> ...but I can easily imagine NIST committees not understanding something, being tricked, not looking closely, protecting big orgs by default (without maliciousness), and overall being sloppy.
I agree with this. And I think that this is more likely to be the case. But I really think with all that we now know about US governmental organisations the possibility of backdoors or coercion should not be ruled out.
Even when you're trying to be charitable, you're wildly missing the point. I don't give a fuck about NIST or NSA. I don't trust either of them and I don't even buy into the premise of what NIST is supposed to be doing: I think formal cryptographic standards are a force for evil. The point isn't that NIST is trustworthy. The point is that the PQC finalist teams are comprised of academic cryptographers from around the world with unimpeachable reputations, and it's ludicrous to suggest that NSA could have compromised them.
The whole point of the competition structure is that you don't simply have to trust NIST; the competitors (and cryptographers who aren't even entrants in the contest) are peer reviewing each other, and NIST is refereeing.
What Bernstein is counting on here is that his cheering section doesn't know the names of any cryptographers besides "djb", Bruce Schneier, and maybe, just maybe, Joan Daemen. If they knew anything about who the PQC team members were, they'd shoot milk out their nose at the suggestion that NSA had suborned backdoors from them. What's upsetting is that he knows this, and he knows you don't know this, and he's exploiting that.
I think you need to re-read my comment, because you have not comprehended what I just wrote.
You said:
> the motivation behind those requests is risible.
It is quite hilarious that NIST suckered the industry into actually using Dual-EC, despite being worse than the other possible choices in nearly every respect. And this ignores the fact that the backdoor was publicly known for years. This actually happened; it’s not a joke.
The motivation behind the FOIA requests is to attempt to see whether any funny business is going on with PQ crypto.
If the NSA actually suckers any major commercial player into using a broken PQ scheme without a well-established classical scheme as a backup, that will be risible too.
Dual_EC keeps getting brought up, but I have to ask: does anybody have any real evidence that it was widely deployed? My recollection is that it basically didn't appear anywhere outside of a handful of not-widely-used FIPS-certified libraries, and wasn't even the default in any of them except RSA's BSAFE.
The closest thing we have to evidence that Dual_EC was exploited in the wild seems to be a bunch of circumstantial evidence around its role in the OPM hack which, if true, is much more of a "self own" than anything else.
> I believe the implication that NIST or NSA somehow bribed one of the PQC researchers to weaken a submission is risible.
maybe you don't know what risible means, but it reads like you're saying that the NSA "somehow" coercing someone is unlikely, which i'm sure you can agree is a "very naive and trusting view"
Nowhere does the comment say that the NSA "somehow" coercing someone is unlikely. Hence, it's a fair question whether the comment had been comprehended, because it seems it hasn't in this thread. If comprehension begets intelligence then conclusions born from misunderstanding exude stupidity.
And, dropping the pedantry, it's quite frustrating to be deliberately or casually or in whatever way misrepresented by drive-by commenters in an otherwise apt discussion thread. Your comment and the one tptacek responded to are patronizing and dismissive and really don't contribute to any interesting discourse on the topic. I think it's fair to dismiss stupid drive-by low-effort quips, personally.
No part of what I said had anything to do with what NSA would or wouldn't attempt to do.
If you don't understand what I wrote, ask questions. What you did instead was leap to stupid conclusions.
Maybe he does know what risible means and is in fact extremely well informed, much better informed than you are, to the point where offering sarcasm on the apparent basis of absolutely nothing but what you've learnt from the internet is actually not a valuable contribution to the conversation but instead embarrassing. Have you considered this possibility as well?
I think it's naive and trusting only on the surface, but with some clear intent and goal underneath. In the past he has held a different stance, but it suddenly changed some time after Matasano.
Can I ask that, if you're going to accuse me of shilling in an HN thread, you at least come up with something that I'm shilling? I don't care what it is; you can say that I'm shilling for Infowars Life ProstaGuard Prostate Health Supplement with Saw Palmetto and Anti-Oxidant, for all I care, just identify something.
It's very disconcerting, for the sake of open and honest discourse, that you or someone else decided to flag (and thus censor) my reply to this request.