[Cryptography] Paranoia for a Monday Morning

Jerry Leichter leichter at lrw.com
Mon Oct 27 07:35:05 EDT 2014

We've seen increasing evidence that the NSA influenced the choice of cryptographic standards towards designs that were extremely difficult to get right - e.g., Dan Bernstein's claims that the standard elliptic curves have arithmetic whose implementations need special-case paths that make side-channel attacks much easier than they need to be.

As I look at the world around me, however, I see few proven attacks against fielded cryptographic implementations - but an ever-flowing stream of attacks against another class of standardized software.  I'm talking, of course, about browsers.  The complexity of browser standards - and of ancillary software like Flash - has proved way beyond our capability to program without error.  It's easy to blame Adobe or the Microsoft of old for incompetent programming; but even the latest IE, produced under what may be the best "secure software development chain" in the world; and Chrome, a clean-sheet, open-source implementation by a team containing some of the best security guys out there; continue to be found to have gaping holes.  At some point, you have to step back and admit that the problem doesn't lie with the developers:  They are being set up to fail, handed a set of specifications that we simply too hard to get right.

And that, of course, raises the question:  Accident, or enemy action?

                                                        -- Jerry

More information about the cryptography mailing list