[Cryptography] VCAT report on NIST's process review

John Young jya at pipeline.com
Tue Jul 15 13:58:56 EDT 2014 

But, Ben, doesn't this Reuters report today reassure all is well in
crypto colonialism?

[Quote]

http://www.reuters.com/article/2014/07/15/usa-nsa-software-idUSL2N0PP2BM20140715 


Experts report potential software "back doors" in U.S. standards

BY JOSEPH MENN

SAN FRANCISCO, July 14 Mon Jul 14, 2014 8:58pm EDT

(Reuters) - U.S. government standards for software may enable spying by the
National Security Agency through widely used coding formulas that should be
jettisoned, some of the country's top independent experts concluded in papers
released on Monday. ...

As a whole, the panels recommended that NIST review its obligation to confer
with the NSA and seek legal changes "where it hinders its ability to
independently develop the best cryptographic standards to serve not only the
United States government but the broader community."

They also urged NIST to weigh the advice of individual task force members who
made more dramatic suggestions, such as calling for the replacement of a
larger set of curves approved for authenticating users, in part because they
were selected through unclear means by the NSA.

"It is possible that the specified curves contain a back door somehow," said
Massachusetts Institute of Technology professor Ron Rivest, a co-founder of
RSA and the source of the letter R in its name. Though the curves could be
fine, he wrote, "it seems prudent to assume the worst and transition away."

More broadly, Rivest wrote, "NIST should ask the NSA for full disclosure
regarding all existing standards... If NSA refuses to answer such an inquiry,
then any standard developed with significant NSA input should be assumed to
be `tainted,'" absent proof of security acceptable to outsiders.

In an email exchange, Rivest told Reuters that "NIST needs to have a process
whereby evidence is publicly presented" about how the curves were chosen.

The curves faulted on Monday had been questioned by outsiders after media
reports in September said the NSA could break much widely used security
software, without detailing which ones or how. "These curves are ubiquitous
in commercial cryptography," Johns Hopkins University professor Matthew Green
said in an interview. "If you connected to Google or Facebook today, you
probably used one."

Rivest's long association with RSA, now part of electronic storage maker EMC
Corp, made his remarks more poignant. But prominent task force colleagues
including Internet co-creator Vint Cerf and Ed Felten, former chief
technologist at Federal Trade Commission, also gave strongly worded verdicts
on the Department of Commerce unit.

"It cannot be accepted that NIST's responsibilities should be co-opted by the
NSA's intelligence mission," wrote Cerf, who now works at Google Inc.

While Rivest called the internal history of Dual Elliptic Curve a "smoking
gun" with an "almost certain" NSA back door, Felten wrote that NSA might not
remain alone in its ability to use it and other possible NIST-approved holes
for spying.

In each of three cases, including Dual Elliptic Curve and the more common
curves faulted by Rivest, Felten said the suspected back door access "reduces
the security of users against attack by other adversaries, including
organized crime groups or foreign intelligence services."

The NSA might have been able to generate curves that pass cursory security
tests but are still breakable through the aid of sheer computing power,
because it can try millions of curves and get a few that fit its goals. But a
researcher working for another country could discover the flaw, Felten said.

[Unquote]



At 05:08 AM 7/15/2014, you wrote:
>On 14 July 2014 21:51, John Kelsey <crypto.jmk at gmail.com> wrote:
> > Everyone,
> >
> > The VCAT (one of our oversight committees) convened a panel of experts to
> > look over our interactions with NSA in our past cryptographic standards,
> > including Dual EC.  For those interested in the results and the materials
> > posted, they can be found at
> >
> > 
> http://www.nist.gov/director/vcat/cryptographic-standards-guidelines-process.cfm
>
>And this is how the NSA will be dealt with:
>
>"NIST may seek the advice of the NSA on cryptographic matters but it
>must be in a position to
>assess it and reject it when warranted. This may be accomplished by
>NIST itself or by engaging
>the cryptographic community during the development and review of any
>particular standard.
>
>The VCAT recommends that NIST senior management reviews the current
>requirement for
>interaction with the NSA and requests changes where it hinders its
>ability to independently
>develop the best cryptographic standards to serve not only the United
>States Government but
>the broader community"
>
>I feel so reassured.
>_______________________________________________
>The cryptography mailing list
>cryptography at metzdowd.com
>http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list