Mathematician warns NSA may be weakening next-gen encryption
Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process.
Daniel Bernstein (djb) is a well known and respected cryptography researcher, so his claim carries a lot of weight. It’s also worth noting that NIST didn’t invent these post-quantum encryption algorithms. Instead, they run a competition and select a winner. djb’s algorithm got second place, so people were wondering if he’s just being salty about it, though if NIST were really compromised, it’s not hard to imagine they’d select a weaker algorithm as the winner instead. NIST has posted a response which might be worth a read.
Edit: added links to djb’s original post
They did it before and they’ll do it again.
I wish I could understand that math in that thread.
I have great respect for djb, but he was an ass here.
Thanks for that link - this whole story is massively overblown clickbait.
The second link has replies that even say the OP’s link contains conspiracy theory. The discussion there is better than all else, IMO.
Note: not denying Dan’s claim as I’m not an expert here, just reiterating what I’m reading.
Yeah - at the very least it shows that this is more “reasonable people disagreeing about a detail” than it is “OMG THE NSA IS DESTROYING CRYPTO!”
I mean, DJB does mention NSA has more involvement over NIST than he expected, but that also doesn’t mean there would be collaboration.
In my non-expert reading, NIST made it seem better than it was, DJB disagreed but overestimated how bad it was, and NIST “sort of” said “yea OK we may have bragged.”
Either way, DJB is right to call out something being weaker than it should be. False confidence in encryption is about the worst thing that could happen in the digital age.
Yeah - DJB definitely has a point to make and deserves to be listened to. But “Mathematician has questions about crypto complexity guidelines from NIST” isn’t click-baity enough.
If this is true, NSA might be shooting themselves in the foot when they inevitably have to deal with Russia and China.
Just a guess, but I think they’re less concerned about the giant country’s surveillance of us, and more concerned about not being able to surveil the little terrorist cells.
or you know conversations with your healthcare providers
or the company VPNs of other continents.
They probably consider that they overall lose more with strong cryptography than the risk of other countries intercepting US communications. They must have other solutions in place to protect confidential information. But they likely struggle with encryption being so widely used by anyone. Even grandmas can now cover their communications without much effort.
From what it sounds like, he’s not saying the algorithm is compromised itself, but rather that NIST is recommending a weaker version of it as sufficiently safe at (possibly) the request of the NSA. If that is the case we would know for sure pretty quickly once DISA updates their STIGs for internal use to include quantum resistant encryption. If the STIGs say to use a stronger version than NIST recommends then he was right.
Hopefully we work around this, encryption is more important now than ever.
There is no such thing as unbreakable encryption. If you want to hide a message, hide it at the source with the way you phrase things. I still have to buy weed illegally, and I use Signal, but I don’t tell the person I buy it from, “hey, I want a half-ounce of weed and I’ll pick it up on Friday at 2 pm,” I say something like, “hey, are you free this weekend?” And then they’ll say something like, “yeah, do you want to get your usual thing?” and then we’ll arrange a time.
And yes, I see the irony about talking about buying weed illegally when someone could potentially find out who I am on Lemmy.
…there very much is practically unbreakable encryption. We use those every day (it’s part of the s in https).
And your example is just a very rudimentary form of encryption that is far far weaker than the typical encryption methods used on the internet today.
True encryption does exist, it’s just that the encryption key is equally as long as the message itself which shows how impractical it is: if you have a method secure enough to send an encryption key of length X, why not just send the actual message of length X?
That’s interesting. I’ve never heard that before. Do you have more information I can read about somewhere?
Is that what they’re talking about?
Yes
But one-time pads aren’t impractical like they said?
One-time pads are impractical because the sender and the target need to meet up beforehand and agree on a code, and no one else should know this code. With modern encryption, this is not necessary. The target can come up with both the encryption and decryption algorithms, and send only the first to the sender publicly.
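As an added illustration (not from the thread or any commenter), here is a minimal one-time pad in Python that shows the three points made above: the key must be at least as long as the message, a ciphertext alone is consistent with every plaintext of the same length (which is what makes it unbreakable), and the pad must never be reused. Function names and the sample messages are my own constructions.

```python
import secrets


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR each plaintext byte with the matching key byte.

    The key must be truly random, at least as long as the message
    (the impracticality noted in the thread), and used exactly once.
    """
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def roundtrip_ok(msg: bytes) -> bool:
    """Encrypt with a fresh random pad of the same length and check decryption."""
    key = secrets.token_bytes(len(msg))
    return otp_decrypt(key, otp_encrypt(key, msg)) == msg


def key_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Perfect secrecy: for ANY candidate plaintext of the same length there is
    a key that decrypts the ciphertext to it, so the ciphertext reveals nothing
    about which plaintext was actually sent."""
    if len(candidate_plaintext) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return bytes(c ^ p for c, p in zip(ciphertext, candidate_plaintext))


def two_time_pad_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """Why the pad is 'one-time': if the same key covers two messages, XORing
    the two ciphertexts cancels the key and yields m1 XOR m2, a direct leak
    about both plaintexts without the key ever being known."""
    c1 = otp_encrypt(key, m1)
    c2 = otp_encrypt(key, m2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # Constructed sample messages (not from the thread).
    msg = b"are you free this weekend?"
    pad = secrets.token_bytes(len(msg))
    ct = otp_encrypt(pad, msg)
    print("roundtrip ok:", roundtrip_ok(msg))
    alt = b"meet at the usual place ok"  # same length as msg
    print("alt plaintext also explains ct:", otp_decrypt(key_explaining(ct, alt), ct) == alt)
    print("pad reuse leaks m1^m2:", two_time_pad_leak(pad, msg, alt) ==
          bytes(a ^ b for a, b in zip(msg, alt)))
```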