[Cryptography] We need a new encryption algorithm competition.
iang at iang.org
Mon Mar 17 06:28:36 EDT 2014
On 17/03/2014 02:17 am, dan at geer.org wrote:
> Not sure how we got to this discussion, but to synopsize:
>> X is unelected president for life of symmetric cryptography
>> Y is God King of public key cryptography
>> Z is he-who-cannot-break the algorithm
>> Q is he who has approved the proposed usage
>> L,M,N,O are the gang for hashes
>> e,i,Pi are the gang for random number generators
> Ergo, we have the classic problem of governance, that there is no
> more wonderful governance than that of a benevolent dictator, only
> that said wonderfulness is only sustainably wonderful if you can
> solve the succession problem.
Postel was succeeded by ICANN. Do we take the average?
> (The Matrix is not the answer even
> if a rising fraction of all code is machine written.)
> Perhaps orthogonally,
or there's the market. I am not sure myself why there needs to be one
*standard* algorithm or suite as an absolute.
People tend to say things such as, "we know it is good because it uses
AES." But this is just a signal, no more, which means something like
"the author knew something or copied something or something."
As we know, implementation is generally a weaker point than the choice
of alg suite. A well written RC4 implementation is better than a
schlock AES one.
OTOH, the market is also a defence; small players rarely get looked at,
and security by obscurity works for them.
More information about the cryptography