• Otter
    link
    fedilink
    English
    2121 year ago

    Relevant bit for those that don’t click through:

    Daniel Bernstein at the University of Illinois Chicago says that the US National Institute of Standards and Technology (NIST) is deliberately obscuring the level of involvement the US National Security Agency (NSA) has in developing new encryption standards for “post-quantum cryptography” (PQC). He also believes that NIST has made errors – either accidental or deliberate – in calculations describing the security of the new standards. NIST denies the claims.

    “NIST isn’t following procedures designed to stop NSA from weakening PQC,” says Bernstein. “People choosing cryptographic standards should be transparently and verifiably following clear public rules so that we don’t need to worry about their motivations. NIST promised transparency and then claimed it had shown all its work, but that claim simply isn’t true.”

    Also, is this the same Daniel Bernstein from the 95’ ruling?

    The export of cryptography from the United States was controlled as a munition starting from the Cold War until recategorization in 1996, with further relaxation in the late 1990s.[6] In 1995, Bernstein brought the court case Bernstein v. United States. The ruling in the case declared that software was protected speech under the First Amendment, which contributed to regulatory changes reducing controls on encryption.[7] Bernstein was originally represented by the Electronic Frontier Foundation.[8] He later represented himself.[9]

    source; https://en.wikipedia.org/wiki/Daniel_J._Bernstein

    • NightLily
      link
      fedilink
      English
      1011 year ago

      So highly reputable source with skin in the game thanks for the explanation.

      • @[email protected]
        link
        fedilink
        English
        65
        edit-2
        1 year ago

        WHAT THE FUCK? This guys a stone cold fuckin gangster!

        At 24 he took the largest surveillance apparatus in history to court… and won! He even raw dogged it — representing himself for a portion of the trial.

        He’s my hero!

      • @[email protected]
        link
        fedilink
        English
        581 year ago

        Honestly, I think his communication here is fine. He’s probably going to offend some people at NIST, but it seems like he’s already tried the cooperative route and is now willing to burn some bridges to bring things to light.

        It reads like he’s playing mathematics and not politics, which is exactly what you want from a cryptography researcher.

    • @[email protected]
      link
      fedilink
      English
      36
      edit-2
      1 year ago

      Sadly not new. The USA considers encryption to be a weapon of war (thanks Germany), so they do whatever they can to interfere with it. If you are making a new encryption scheme it will be illegal if the government doesn’t have an easy way to break it.

      Edit: the guy that made pgp got in a stink with the government if memory serves they tried to bop him with something to do with itar.

      • @[email protected]
        link
        fedilink
        English
        17
        edit-2
        1 year ago

        I have a pet theory that a lot of our passionate “movements” that get us all angry and upset are only those movements that benefit someone powerful.

        I see stuff like this and think, “well that’s another coin in that jar”

        Like this should piss so many people off. Its something enough people know about. It’s something that you would think would have all kinds of groups up in arms about. Like ask any self respecting 2A enthusiasts if the government should keep skeleton key to every lock in their house.

        But at least there is Daniel Bernstein

      • Otter
        link
        fedilink
        English
        9
        edit-2
        1 year ago

        it will be illegal if the government doesn’t have an easy way to break it

        Aren’t there a lot of existing standards already can’t be broken easily (by anyone)? That’s why we have all these recent attempts to force backdoors into encrypted apps

        Or is it just extra scrutiny if you’re trying to make a new one

        • @[email protected]
          link
          fedilink
          English
          161 year ago

          I’m going to break things down a few levels. Disclaimer: I’m a nerd not a mathematician, so if anyone else can fix my errors that would be great.

          Cryptography is a cat and mouse game. There is currently no “perfect solution” so that A and B can communicate and C has no way of cracking the communication at some point.

          Cryptography is very complex for obvious reasons, but a lot of modern algorithms hinge on the time it takes to calculate prime numbers and test them against encrypted communication. Traditional PCs take an incredibly long time to calculate prime numbers.

          Quantom PCs don’t. The way they operate makes them incredibly helpful for calculating primes, that’s why a lot of cryptographic algorithms will be in jeopardy once it is more widely implemented.

          But back to your question. There are already rumors that NSA is using super fast traditional computers to calculate prime numbers and collect them in a database to make cracking traditional encryption easier.

          The only thing I can think about with is is that for the NSA they are not moving quickly enough to catch up or they suspect any future quantum key encryption will thwart any attempts they made.

          This would be in tandem with moves by the UK parliament to get a law going that implements backdoors in devices or apps (I assume that must be pushed by GCHQ?).

          Personal opinion: encryption with a backdoor is ridiculous. The government likes to represent that they’re the only one to access those, but it only takes one savant 10yo interested in penetration testing or one rogue government employee for this backdoor to be used for malicious purposes. And it’s not like these ppl already exist.

          • @[email protected]
            link
            fedilink
            English
            101 year ago

            So there was an extremely interesting CVE recently about TLS trust issues on Qualcomm modem firmware.

            Astute observers have been asking why modem firmware is implementing TLS exchanges in the first place, leading many to speculate that the NSA was using TLS to authenticate their backdoor, and the keys got leaked.

    • @[email protected]
      link
      fedilink
      English
      141 year ago

      There is np such thing as overkill while some governments actively funding quantum computing projects for the sole purpose of code cracking

    • @[email protected]
      link
      fedilink
      English
      61 year ago

      How do you remove the paywall from the article? Just copy the URL of the article and provide it to archive.today, and that website just bypassed the paywall? How do they manage to bypass it? O.o

      • @[email protected]
        link
        fedilink
        English
        141 year ago

        They need the content to be available for Google indexing reasons, it can only really be blocked through the client.

        A smart enough backend system can access/crawl/index it, just like Google can. And then make it available to the public without the front end annoyance.

      • Cethin
        link
        fedilink
        English
        71 year ago

        I assume the archive doesn’t run the Javascript portion of the site. You can often bypass pay walls with plug-ins that disable JS as well.

        • AlmightySnoo 🐢🇮🇱🇺🇦
          link
          fedilink
          English
          3
          edit-2
          1 year ago

          it also runs with different IP addresses and burner accounts for some websites sometimes requiring you to be registered (LinkedIn for example)

      • @[email protected]
        link
        fedilink
        English
        41 year ago

        I dont think anyone will come to share this knowledge with us since it could be used by newspapers website to block the archiving.

  • MuchPineapples
    link
    fedilink
    English
    381 year ago

    Before, elliptical curve encryption has been hailed as the new golden standard, only too bad there is a serious weakness where if you know the seed you can crack the code. And guess who has the seed? Starts with N and ends with SA.

  • @[email protected]
    link
    fedilink
    English
    34
    edit-2
    1 year ago

    Yeah you can observe this with letsencrypt failing to generate a certificate if you change the elliptic curve from an NSA generated curve to a generic/known safe one. Changing between different NSA curves are functionally fine. Forces all signed certificates to use curves that are known to have issues, deliberate or otherwise - i.e. backdoored.

  • @[email protected]
    link
    fedilink
    English
    191 year ago

    I know someone in this field and sent him this article. He said the “NIST isn’t being transparent” claim isn’t true

    https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927303 https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934458

    He also responded with “of course the NSA would try and mess with it, but if it’s peer reviewed properly I don’t see how they would be successful”