[Cryptography] NSA versus DES etc....
ianG
iang at iang.org
Wed Oct 1 13:33:23 EDT 2014
On 28/09/2014 23:34 pm, Russ Nelson wrote:
> Richard Outerbridge writes:
> > On 2014-09-24 (267), at 02:09:17, John Denker <jsd at av8n.com> wrote:
> >
> > > The entirely foreseeable result of putting out a
> > > weakened cipher standard was that friends would use
> > > the weakened version and enemies would very rapidly
> > > come up with a non-weakened version.
> >
> > Y'know, I really don't believe the NSA have ever been
> > that dumb.
>
> Why not? All of corporate America is that dumb. Corporate America has
> all the incentives in the world to make money, while the NSA has the
> usual bureaucratic (weaker) incentives.
>
> Every corporate leader who says "I will protect my IP by taking steps
> which make it harder to use" is indulging in this error. Why should
> the NSA be any different?
>
> http://www.crynwr.com/on-being-proprietary.html
One point for: Suite A and friends, which remains a heavily shared secret.
One point against: In this particular place called cryptography, there
is a frequently repeated aphorism "the enemy knows my algorithm"
recently attributed as Shannon's maxim and historically as Kerckhoffs'
2nd Principle.
I guess the various well-funded enemies have figured out each other's
secret algorithms by now, but out of politeness and common interest they
cartelise the secrets.
iang
More information about the cryptography
mailing list