[Cryptography] We need a new encryption algorithm competition.

Sandy Harris sandyinchina at gmail.com
Sun Mar 16 17:47:32 EDT 2014


Phillip Hallam-Baker <hallam at gmail.com> wrote:

> On Sun, Mar 16, 2014 at 12:33 AM, James A. Donald <jamesd at echeque.com>
> wrote:
>>
>> On Sat, 15 Mar 2014 16:31:05 ianG wrote:
>>>
>>> If people stop believing in institutions such as standards bodies,
>>> certification bodies, and governments, the question is, what or whom
>>> will they trust?  And what could actually deliver that trust?
>>>
>>> It seems that without a good answer to that, there isn't much point in
>>> choosing one technical approach versus another.
>>
>>
>> Trust individuals.
>>
>> As I posted on this list previously:
>>
>> Let us have Jon Callas as unelected president for life of symmetric
>> cryptography, Bernstein as God King of public key cryptography.

That's not enough. For a block cipher, tell me Callas designed it,
Knudsen says he cannot break the algorithm, and Bellovin has
approved the proposed usage, and you are pretty close.

You also need a gang for hashes -- Preneel and who else? Then
one for random number generators.

> Right now we have a fairly well established mandatory to implement set:
> ...
>
> So we can hypothesize a backup set of algorithms:
>
> ??, SHA3, HMAC-SHA3 / ??-CCM, ECDH, ECDSA
>
> Spot the problem? We currently have no backup for an encryption algorithm.

I think the problem is that you include DSA. As I see it, that should be
deprecated now and removed from future versions of all standards as
hopelessly flawed. It is just too fragile.
https://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Sensitivity

> We really do need a backup for that slot and I don't think we can just take
> one of the AES runners up.

I do. Better, take all of them with open licenses, which I think is all
except RC6. Anywhere that AES is a MUST, make them all
SHOULD. Cost is low since there are open source implementations.

> The criteria for a reserve algorithm are not the
> same as for the default. Since the idea is that you can depend on the
> reserve algorithm even if the default is broken, it has to be tuned for
> security rather than performance.

So use Serpent, apparently the most conservative choice among
the AES candidates.

