[Cryptography] NSA versus DES etc....

ianG iang at iang.org
Wed Oct 1 13:33:23 EDT 2014


On 28/09/2014 23:34 pm, Russ Nelson wrote:
> Richard Outerbridge writes:
>  > On 2014-09-24 (267), at 02:09:17, John Denker <jsd at av8n.com> wrote:
>  > 
>  > > The entirely foreseeable result of putting out a
>  > > weakened cipher standard was that friends would use
>  > > the weakened version and enemies would very rapidly
>  > > come up with a non-weakened version.
>  > 
>  > Y'know, I really don't believe the NSA have ever been
>  > that dumb.
> 
> Why not? All of corporate America is that dumb. Corporate America has
> all the incentives in the world to make money, while the NSA has the
> usual bureaucratic (weaker) incentives.
> 
> Every corporate leader who says "I will protect my IP by taking steps
> which make it harder to use" is indulging in this error. Why should
> the NSA be any different?
> 
> http://www.crynwr.com/on-being-proprietary.html


One point for:  Suite A and friends, which remains a heavily shared secret.

One point against:  In this particular place called cryptography, there
is a frequently repeated aphorism "the enemy knows my algorithm"
recently attributed as Shannon's maxim and historically as Kerckhoffs'
2nd Principle.

I guess the various well-funded enemies have figured out each other's
secret algorithms by now, but out of politeness and common interest they
cartelise the secrets.

iang


More information about the cryptography mailing list