[Cryptography] RSA is dead.

John Kelsey crypto.jmk at gmail.com
Mon Jan 20 12:49:32 EST 2014


Perhaps this is the result of living in a government bubble for a while, but I certainly saw and heard a lot of the bigger community who thought NSA's involvement in domestic crypto standards and companies was intended to improve security.  That's why NSA people were and are openly members of a bunch of standards committees, why people invited NSA guys to give talks and take part in competitions, why people were using stuff like SELinux.  People have been using DSA, the NIST curves, SHA1, and SHA2 for many years, believing them secure--because the assumption was that NSA wasn't putting backdoored stuff out there.

That's part of the collateral damage of the Dual EC DRBG trapdoor.  They had spent 10-15 years trying to build a good relationship with the crypto and computer security community, and when this came out, they lost that relationship.  Researchers will still take their money, government agencies required by law to work with them will continue to do so, but the default assumption won't be "they're on our side" anymore.  The ultimate cost of that will be many times higher than however much was budgeted for the project that got the Dual EC DRBG into the world.

--John, definitely speaking only for myself

