[Cryptography] RSA is dead.

Miles Fidelman mfidelman at meetinghouse.net
Sun Dec 22 19:27:40 EST 2013


Kent Borg wrote:
> On 12/22/2013 06:17 PM, Patrick Mylund Nielsen wrote:
>> You're assuming that, not only will anyone look at your code at all, 
>> they will have training in cryptography, know to be looking for 
>> something bad, and spend a large amount of time on finding it.
>
> The NSA should do that.
>
> If the NSA were doing their job, if they really looked at the 
> landscape and wondered where the risks are...THEY would be doing this 
> code review.  (They probably are.)  And publishing the results.  (They 
> are not.)  And suggesting good fixes.  (I can dream...)
>
> Cyber threats are a place where defense really can work.  It is such a 
> shame the US government chose to militarize the internet instead of 
> making it safer for everyone.  Safer for everyone, they are too 
> jealous for that.

Actually, in my experience, NSA has two very different groups of people 
working on crypto - one group tries to break it, the other builds it.  
The ones who build it try to make it very secure - since most of their 
stuff goes to the military.  And then you have folks like the Naval 
Research Lab who brought us TOR, and folks in the State Dept. who are 
sponsoring crypto work for dissident groups (the ones we like, of 
course) - who also try to build pretty secure stuff.

Now how much the NIST folks - who set standards for commercial crypto - 
build in back doors, is less clear.



-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra


