[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

David Johnston dj at deadhat.com
Thu Aug 6 01:01:59 EDT 2015


On 8/5/15 1:25 PM, John Kelsey wrote:
> I wonder what fraction of the time people invent their own crypto algorithms and protocols, and the result is better than the standard stuff.  I'm guessing the fraction is small enough that it needs quite a few significant digits to be distinguishable from zero.
>
> --John
In the case of the UPB (unnamed peripheral bus) that I'm referring to, 
it's not so much creating new crypto algorithms as composing normal 
algorithms in a system that is simpler than the complex specs like X.509 
that lead to complex software that leads to bugs. Or like DSA that is 
very fragile in the face of biased random numbers. Also avoiding NIST 
curves with the unexplained constants and trying to use algorithms that 
aren't thought to be subject to government interference which could 
cause export problems in international markets.

Many standards (e.g. from IETF, IEEE 802 (before they learned to stop 
asking the government for help), SP800-90, X.509 etc.) have proven 
toxic, either cryptographically, structurally or in terms of 
implementation complexity. Doing a good job of interoperability 
standards writing these days involves taking this into account and being 
very circumspect about what parts of what standards can be considered 
safe and what parts should be composed in a new fashion that achieves 
something simpler, or more scalable or more efficient or all three.

Standards are a minefield. We need to learn to tread carefully.

DJ
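The DSA fragility DJ mentions above, as an added example that is not code from this thread: with a faulty RNG that repeats the per-signature nonce k, two valid signatures are enough to recover the private key, so the scheme's security depends entirely on the nonce generator. The toy group (p = 1213, q = 101, g = 457), the message digests (42 and 77) and the demo scenario are all constructed for illustration.

```python
"""Added example, not code from the thread: why DSA breaks when its nonce k is
biased or reused. Toy parameters (constructed, far too small for real use)."""
import secrets

# Constructed toy DSA group: q divides p - 1 and g has order q.
P, Q = 1213, 101
G = pow(2, (P - 1) // Q, P)  # 457, a generator of the order-101 subgroup


def sign(x: int, h: int, k: int):
    """DSA signature of digest h (already reduced mod Q) under nonce k.
    Returns None where the standard says to pick a fresh k (r == 0 or s == 0)."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return (r, s) if r and s else None


def verify(y: int, h: int, sig) -> bool:
    """Standard DSA verification against public key y = g^x mod p."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h * w % Q, r * w % Q
    v = (pow(G, u1, P) * pow(y, u2, P) % P) % Q
    return v == r


def recover_private_key(h1, sig1, h2, sig2):
    """Two signatures sharing r (same k) leak x:
    k = (h1 - h2)/(s1 - s2) mod Q, then x = (s1*k - h1)/r mod Q."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or (s1 - s2) % Q == 0:
        return None  # no visible nonce reuse (or digests collide mod Q)
    k = (h1 - h2) * pow(s1 - s2, -1, Q) % Q
    return (s1 * k - h1) * pow(r1, -1, Q) % Q


def demo_nonce_reuse(h1: int = 42, h2: int = 77):
    """Constructed scenario: a broken RNG hands out the same k twice."""
    x = secrets.randbelow(Q - 1) + 1
    y = pow(G, x, P)
    while True:  # the spec's retry loop, applied to one shared k
        k = secrets.randbelow(Q - 1) + 1
        sig1, sig2 = sign(x, h1, k), sign(x, h2, k)
        if sig1 and sig2:
            break
    assert verify(y, h1, sig1) and verify(y, h2, sig2)
    return x, recover_private_key(h1, sig1, h2, sig2)
```

Even a partial bias in k (not full reuse) is enough for lattice-based recovery across many signatures; deterministic nonces as in RFC 6979 remove the dependence on the RNG, and ECDSA shares the same structure and the same failure mode.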
>
>
>
> On Aug 4, 2015, at 2:06 PM, dj at deadhat.com wrote:
>
>>>> On 2/08/2015 16:56 pm, Dan McDonald wrote:
>>>>> On 1 August 2015 at 21:27, ianG <iang at iang.org> wrote:
>>>
>>> NIH == not invented here?  Yes, I see that.
>> I'm currently in the process of developing a security protocol spec in a
>> standards group, that will be deployed everywhere.
>>
>> The reverse seems to be true. There is a desire to do some things new
>> (specifically to avoid X.509 and NIST curves and make things as brutally
>> simple as possible), but there is a NISE (Not invented somewhere else)
>> crowd that calls for external specs we can point to for all crypto things.
>> This leads down the slippery path to NIST, DSA and X.509.