[Cryptography] Paranoia for a Monday Morning
Jerry Leichter
leichter at lrw.com
Mon Oct 27 07:35:05 EDT 2014
We've seen increasing evidence that the NSA influenced the choice of cryptographic standards towards designs that were extremely difficult to get right - e.g., Dan Bernstein's claims that the standard elliptic curves have arithmetic whose implementations need special-case paths that make side-channel attacks much easier than they need to be.
As I look at the world around me, however, I see few proven attacks against fielded cryptographic implementations - but an ever-flowing stream of attacks against another class of standardized software. I'm talking, of course, about browsers. The complexity of browser standards - and of ancillary software like Flash - has proved way beyond our capability to program without error. It's easy to blame Adobe or the Microsoft of old for incompetent programming; but even the latest IE, produced under what may be the best "secure software development chain" in the world; and Chrome, a clean-sheet, open-source implementation by a team containing some of the best security guys out there; continue to be found to have gaping holes. At some point, you have to step back and admit that the problem doesn't lie with the developers: They are being set up to fail, handed a set of specifications that we simply too hard to get right.
And that, of course, raises the question: Accident, or enemy action?
-- Jerry
More information about the cryptography
mailing list