[cryptome] Cryptography Inevitable Failure

  • From: John Young <jya@xxxxxxxxxxxx>
  • To: cypherpunks@xxxxxxxxxx,cryptography@xxxxxxxxxxxxx,cryptome@xxxxxxxxxxxxx
  • Date: Sun, 22 Sep 2013 10:35:33 -0400

Nothing more useful for spies than widely trusted cryptosystems.
Nor do they ever reveal cracking the highly reputable. Neither
confirm nor deny. They do leak vulns, participate in standards
settings earnestly and lackadaisically, fund good and bad research,
buy good and bad systems, hire good and bad staff and contractors,
engage in open and secret enterprises, issue truthful and false
statements, advise and mislead political leaders in public and
in secret briefings, claim to obey civilian leaders and disobey
them. As Hallam-Baker reported, NSA, when confronted with A
and B choices, selects both. This obligatory duplicity is avowed
necessary to conceal what is good and what is bad, both
classified for deception.

Presumably there is a stash of comsec revelations pre-positioned
for implementation as needs arise and also when needs do not

Duality, duplicity, duping, is the lifeblood and poison of security
as well as insecurity, neither yin nor yang can exist without the
other. Paranoia sustains information assurance.

AES will succumb when the time is ripe for a newborn. Perhaps
the time was ripe for Snowden to midwife the inevitable failure
of NSA and ilk.

Recall NSA's 1997 paper on the inevitable failure of computer
security. Imagine a similar one on encryption awaiting disclosure.
Imagine what would replace encryption as the duplicitor of choice.

Then scale up.

Imagine what will replace over-centralized, over-grown, unmanageable
NSA and its mushrooming gaga'd critics. Not DIRNSAs retiring to
shyster duties, cryptographers gone fat feeding marketable
personas, not Alice, Bob and Chelsea, not NRL-dudes rigging
the Tor 3-card monte, not end to end rotted MITM and at both ends,
not anything once daring and taunting like cryptoanarchy,
not prize winning WikiLeaks and granting EFF, not fleecing
fat cats and fans for FOI liberation and forever elusive privacy,
not spooning bits of spy feces into yawning mouths of readers.

Then scale down to non-secret means and methods accessible
to everyone. Even the end of official spying and its inevitable
corruption of government by out of control secrecy and dependency
upon the toolmakers of secret comsec.

But can cryptographers imagine the end of cryptography or
are they as bone-headedly duplicitous as those who pay them
to promote paranoia, secrecy, distrust and protection?

At 09:39 AM 9/22/2013, you wrote:
On 22/09/13 16:05 PM, Ed Stone wrote:
Why has AES escaped general suspicion? Are we to believe that NIST tested, selected, endorsed and promulgated an algorithm that was immune to NSA's toolset, without NSA participation and approval? NSA involvement in DES is known, but we await cryptanalysis or Snowdenesque revelations before having skepticism about AES?

NIST didn't really "test, select, endorse and promulgate" the AES algorithm, and neither did the NSA.

The process was a competition for open cryptographers, not agencies. It was done this way because we strongly suspected DES interference.

Some 30 algorithms were accepted in the first round, and subject to a year or so worth of scrutiny by the same submitting teams. This then led to a second round of 5 competitors and another long-ish period of aggressive scrutiny. The scrutiny was quite fierce because the reputations of the winners would be made, so the 5 teams did their darndest to undermine the competition. Many famous names were hoping for the prize.

It is the case that NIST (and probably the NSA) selected Rijndael from the 5 finalists. But they did so on the basis of a lot of commentary, and all the critics were agreed that all 5 were secure [0].

So, claiming that the NSA perverted the AES competition faces a much higher burden. They would have had to have done these things:

   * pervert some of the early teams,
   * pervert the selection process to enable their stooges through,
   * and design something that escaped the aggressive scrutiny
     of the losers.

It's possible, but much harder to get away with.

In contrast, with the DRBG adventure, NSA designed the process, and tacked it onto a more internal NIST standards process. Little or minimal scrutiny from outside, and little or minimal perversion of outsiders necessary in the standardisation phase (but that did come later).


[0] At the time, myself and my team followed it, and we predicted that Rijndael would be the winner ... just by reading all the comments. Note we weren't serious cryptographers, but we provided the Java framework for the competition, so it was a