[Cryptography] NSA and cryptanalysis

Perry E. Metzger perry at piermont.com
Sun Sep 1 18:06:20 EDT 2013


On Sun, 1 Sep 2013 16:33:56 -0400 Jerry Leichter <leichter at lrw.com>
wrote:
> 
> On Sep 1, 2013, at 2:11 PM, Perry E. Metzger wrote:
> 
> > On Sun, 1 Sep 2013 07:11:06 -0400 Jerry Leichter
> > <leichter at lrw.com> wrote:
> >> Meanwhile, just what evidence do we really have that AES is
> >> secure?
> > 
> > The fact that the USG likes using it, too.
> We know they *say in public* that it's acceptable.  But do we know
> what they *actually use*?

We know what they spec for use by the rest of the US government in
Suite B.

http://www.nsa.gov/ia/programs/suiteb_cryptography/

  AES with 128-bit keys provides adequate protection for classified
  information up to the SECRET level. Similarly, ECDH and ECDSA using
  the 256-bit prime modulus elliptic curve as specified in FIPS PUB
  186-3 and SHA-256 provide adequate protection for classified
  information up to the SECRET level. Until the conclusion of the
  transition period defined in CNSSP-15, DH, DSA and RSA can be used
  with a 2048-bit modulus to protect classified information up to the
  SECRET level.

  AES with 256-bit keys, Elliptic Curve Public Key Cryptography using
  the 384-bit prime modulus elliptic curve as specified in FIPS PUB
  186-3 and SHA-384 are required to protect classified information at
  the TOP SECRET level. Since some products approved to protect
  classified information up to the TOP SECRET level will only contain
  algorithms with these parameters, algorithm interoperability between
  various products can only be guaranteed by having these parameters as
  options.

We clearly cannot be absolutely sure of what they actually use, but
we know what they procure commercially. If you feel this is all a big
disinformation campaign, please feel free to give evidence for that. I
certainly won't exclude the possibility, but I find it unlikely.

Perry
-- 
Perry E. Metzger		perry at piermont.com

