[Cryptography] RSA is dead.
Tom Mitchell
mitch at niftyegg.com
Mon Jan 20 14:12:32 EST 2014
On Mon, Jan 20, 2014 at 9:49 AM, John Kelsey <crypto.jmk at gmail.com> wrote:
> Perhaps this is the result of living in a government bubble for awhile, but I certainly saw and heard a lot of the bigger community who thought NSA's involvement in domestic crypto standards and companies was intended to improve security. That's why NSA people were and are openly members of a bunch of standards committees, .....snip...
I should balance John's comment. Many of the security folk I interacted with
considered the presence of NSA folk to be simply self serving to
the NSA goals. The most interesting discussion were over key length and
the limits of ITAR. ITAR apparently painted a better picture
of capabilities and abilities than anything else. Internal
laws as seen from restrictions in Israel, France and other nations
further painted ability and bounds.
Internet usenet archives from the 70's to pre Snowden might be mined
for historic perspective.
Comments ranged from being "involved so nothing unknown
to the agency (plural) would be included" to "keep the tools
dumb" enough that they could but others could not and yes marveling
at the discussions where "boxes", tests and more were discussed
was also telling.
I guess my perspective was that all the serious folk took it
all in with a grain of salt.
As for RSA products they seem to have been resistant to public attacks
for a gosh darn
long period of time. It is not clear (to me) that modern disclosures
have made RSA
products more transparent to anyone.
--
T o m M i t c h e l l
More information about the cryptography
mailing list