[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

Ray Dillinger bear at sonic.net
Mon Oct 7 12:45:10 EDT 2013



-------- Original message --------
From: Jerry Leichter <leichter at lrw.com> 
Date: 10/06/2013  15:35  (GMT-08:00) 
To: John Kelsey <crypto.jmk at gmail.com> 
Cc: "cryptography at metzdowd.com List" <cryptography at metzdowd.com>,Christoph Anton Mitterer <calestyo at scientia.net>,james hughes <hughejp at mac.com>,Dirk-Willem van Gulik <dirkx at webweaving.org> 
Subject: Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was:
 	NIST about to weaken SHA3? 
 
On Oct 5, 2013, at 9:29 PM, John Kelsey wrote:
  Really, you are talking more about the ability to *remove* algorithms.  We still have stuff using MD5 and RC4 (and we'll probably have stuff using dual ec drbg years from now) because while our standards have lots of options and it's usually easy to add new ones, it's very hard to take any away.

Can we do anything about that? If the protocol allows correction (particularly remote or automated correction) of an entity using a weak crypto primitive, that opens up a whole new set of attacks on strong primitives.

We'd like the answer to be that people will decline to communicate with you if you use a weak system, but honestly when was the last time you had that degree of choice in from whom you get exactly the content and services you need?

Can we even make renegotiating the cipher suite inconveniently long or heavy so defaulting weak becomes progressively more costly as more people default strong? That opens up denial of service attacks, and besides it makes it painful to be the first to default strong.

Can a check for a revoked signature for the cipher's security help? That makes the CA into a point of control.

Anybody got a practical idea?
