[Cryptography] NIST should publish Suite A
Bill Stewart
bill.stewart at pobox.com
Tue Nov 12 21:56:58 EST 2013
At 03:28 AM 11/12/2013, Jerry Leichter wrote:
>The NSA would have no reason to be concerned about Suite A being
>attackable *by NSA*.
Huh? Of course they would.
Half* the NSA's job is to crack communications, half of it's to protect them.
The people whose job is to protect codes have a responsibility to
their customers
to make sure that the code-crackers can't crack them,
not only because the customers might insist on it,
but because good operational security includes considering threat models like
"somebody in the NSA is a mole" or "somebody hired contractors as sysadmins",
and following appropriate least-privilege policies, two-person rules, etc.
Perhaps the crackers' business model also includes having some "Suite
A-Prime" gear
for people they want to attack while telling them it's Suite A gear,
but that's not really the same case at "no reason to be concerned."
(*Ok, sometimes "half" == 99%.)
More information about the cryptography
mailing list