[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

ianG iang at iang.org
Thu Aug 6 11:28:54 EDT 2015


On 6/08/2015 06:01 am, David Johnston wrote:
> On 8/5/15 1:25 PM, John Kelsey wrote:
>> I wonder what fraction of the time people invent their own crypto
>> algorithms and protocols, and the result is better than the standard
>> stuff.  I'm guessing the fraction is small enough that it needs quite
>> a few significant digits to be distinguishable from zero.
>>
>> --John
> In the case of the UPB (unnamed peripheral bus) that I'm referring to,
> It's not so much creating new crypto algorithms as composing normal
> algorithms in a system that is simpler than the complex specs like X.509
> that lead to complex software that lead to bugs.


Just avoiding X.509 and CA stuff is probably the biggest win in terms of 
ROI, and is enough to justify bringing in a high-paid resource who can 
do that.  It took me about 1 month to write a custom equivalent, and 
another month to roll it through all my code.  Since then, peace on 
earth.  Replacing both OpenPGP and X.509 sits right up there among the 
top investments I've ever made.


> Or like DSA that is
> very fragile in the face of biased random numbers. Also avoiding NIST
> curves with the unexplained constants and trying to use algorithms that
> aren't thought to be subject to government interference which could
> cause export problems in international markets.
>
> Many standards (e.g. from IETF, IEEE 802 (before they learned to stop
> asking the government for help), SP800-90, X.509 etc. ) have proven
> toxic, either cryptographically, structurally or in terms of
> implementation complexity. Doing a good job of interoperability
> standards writing these days involves taking this into account and being
> very circumspect about what parts of what standards can be considered
> safe and what parts should be composed in a new fashion that achieves
> something simpler, or more scalable or more efficient or all three.
>
> Standards are a minefield. We need to learn to tread carefully.


Amen to that.  iang
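The quoted remark that DSA is "very fragile in the face of biased random numbers" is easy to demonstrate. The following is an added example, not code from this thread or from any project mentioned in it: a textbook DSA signer over toy parameters (a safe prime p = 2q+1 with q around 2^30, constructed at run time so it stays fast; real deployments use far larger p and q, but the algebra is identical), followed by two key-recovery routines. The first recovers the private key x from two signatures that reused the same nonce k (the extreme case of a biased RNG: the two signing equations become linear in k and x). The second assumes the RNG only ever produces a nonce below some small bound and brute-forces k from r. All function names, the parameter search and the sample messages are this example's own choices.

```python
"""DSA nonce fragility: key recovery from a reused or small nonce.

Added example, not code from the thread. Toy parameters (~31-bit safe
prime) are constructed below; the algebra matches full-size DSA/ECDSA.
Requires Python 3.8+ for pow(a, -1, m).
"""
import hashlib


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 3,215,031,751 (bases 2, 3, 5, 7)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_params(start: int = 1 << 30):
    """Find prime q with p = 2q+1 also prime (toy sizes, assumed here).

    g = 4 is a quadratic residue mod p, so its order divides q; q is prime
    and 4 != 1 mod p, hence g generates the order-q subgroup.
    """
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p, g = 2 * q + 1, 4
    assert pow(g, q, p) == 1
    return p, q, g


def hash_msg(m: bytes, q: int) -> int:
    """H(m) reduced mod q, as DSA does with a truncated hash."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % q


def sign(m: bytes, x: int, k: int, p: int, q: int, g: int):
    """Textbook DSA: r = (g^k mod p) mod q, s = k^-1 (H(m) + x r) mod q.

    The caller supplies k so a broken RNG can be modelled explicitly.
    """
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (hash_msg(m, q) + x * r) % q
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another k")
    return r, s


def verify(m: bytes, sig, y: int, p: int, q: int, g: int) -> bool:
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = hash_msg(m, q) * w % q, r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def recover_from_reused_nonce(m1, sig1, m2, sig2, q: int):
    """Same k in two signatures => same r; solve the two linear equations.

    s1*k = h1 + x*r and s2*k = h2 + x*r  =>  k = (h1-h2)/(s1-s2), then x.
    """
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        raise ValueError("signatures do not share a nonce (or messages collide)")
    h1, h2 = hash_msg(m1, q), hash_msg(m2, q)
    k = (h1 - h2) * pow(s1 - s2, -1, q) % q
    x = (s1 * k - h1) * pow(r1, -1, q) % q
    return k, x


def recover_from_small_nonce(m, sig, p: int, q: int, g: int, bound: int):
    """If the RNG only yields k < bound, find k from r by exhaustion, then x."""
    r, s = sig
    h = hash_msg(m, q)
    acc = 1                      # running g^k mod p, one multiply per step
    for k in range(1, bound):
        acc = acc * g % p
        if acc % q == r:
            return k, (s * k - h) * pow(r, -1, q) % q
    return None


if __name__ == "__main__":
    p, q, g = make_params()
    x, y = 123456789, None       # fixed toy private key for a reproducible demo
    y = pow(g, x, p)
    k = 987654321                # "random" nonce that the broken RNG repeats
    s1 = sign(b"pay alice 1", x, k, p, q, g)
    s2 = sign(b"pay bob 2", x, k, p, q, g)
    print("verify:", verify(b"pay alice 1", s1, y, p, q, g))
    print("recovered (k, x):", recover_from_reused_nonce(b"pay alice 1", s1, b"pay bob 2", s2, q))
    print("small-nonce recovery:", recover_from_small_nonce(b"m", sign(b"m", x, 1234, p, q, g), p, q, g, 1 << 16))
```

The reused-nonce case is exactly the failure that hit several real DSA/ECDSA deployments with poor entropy; the small-nonce brute force generalises it to any bias that shrinks the nonce space, and partial bias (a few known top bits per signature) falls to lattice methods that this example does not cover. Deterministic nonces (RFC 6979) or hashing the message and key into k remove the dependence on the RNG for this step, which is the kind of composition choice the quoted message argues for.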
