[Cryptography] NIST should publish Suite A

Bill Stewart bill.stewart at pobox.com
Tue Nov 12 21:56:58 EST 2013


At 03:28 AM 11/12/2013, Jerry Leichter wrote:
>The NSA would have no reason to be concerned about Suite A being 
>attackable *by NSA*.

Huh?  Of course they would.
Half* the NSA's job is to crack communications, half of it's to protect them.
The people whose job is to protect codes have a responsibility to 
their customers
to make sure that the code-crackers can't crack them,
not only because the customers might insist on it,
but because good operational security includes considering threat models like
"somebody in the NSA is a mole" or "somebody hired contractors as sysadmins",
and following appropriate least-privilege policies, two-person rules, etc.

Perhaps the crackers' business model also includes having some "Suite 
A-Prime" gear
for people they want to attack while telling them it's Suite A gear,
but that's not really the same case at "no reason to be concerned."


(*Ok, sometimes "half" == 99%.)



More information about the cryptography mailing list