[guardian-dev] Fwd: [cryptography] the spell is broken
Dev Random
c1.devrandom at niftybox.net
Wed Oct 2 12:07:25 EDT 2013
-------- Original Message --------
Subject: [cryptography] the spell is broken
Date: Wed, 02 Oct 2013 18:41:21 +0300
From: ianG <iang at iang.org>
To: Crypto discussion list <cryptography at randombit.net>
http://www.infoworld.com/print/228000
October 02, 2013
Silent Circle moves away from NIST cryptographic standards, cites NSA
concerns
The company plans to replace AES and SHA-2 with Twofish and Skein in its
encrypted communication services
By Lucian Constantin | IDG News Service
Silent Circle, a provider of encrypted mobile Voice over Internet
Protocol (VoIP) and text messaging apps and services, will stop using
the Advanced Encryption Standard (AES) cipher and Secure Hash Algorithm
2 (SHA-2) hash functions as default cryptographic algorithms in its
products.
[ Build and deploy an effective line of defense against corporate
intruders with InfoWorld's Encryption Deep Dive PDF expert guide.
Download it today! | Stay up to date on the latest security developments
with InfoWorld's Security Central newsletter. ]
"We are going to replace our use of the AES cipher with the Twofish
cipher, as it is a drop-in replacement," Silent Circle CTO Jon Callas
said Monday in a blog post. "We are going to replace our use of the
SHA-2 hash functions with the Skein hash function. We are also examining
using the Threefish cipher where that makes sense."
The company also plans to stop using P-384, one of the elliptic curves
recommended by the NIST for use in elliptic curve cryptography (ECC).
...
Silent Circle plans to replace the P-384 elliptic curve with one or more
curves that are being designed by cryptographers Daniel Bernstein and
Tanja Lange, who have argued in the past that Suite B elliptic curves
are weak.
"If the Suite B curves are intentionally bad, this would be a major
breach of trust and credibility," Callas said. "Even in a passive case
-- where the curves were thought to be good, but NSA cryptanalysts found
weaknesses they have since exploited -- it would create a credibility
gap of the highest order, and would be the smoking gun that confirms the
Guardian articles."
...
Silent Circle's new decision to move away from AES, SHA-2 and the P-384
curve doesn't mean that these standards are insecure, Callas said in the
blog post. "It doesn't mean we think less of our friends at NIST, whom
we have the utmost respect for; they are victims of the NSA's perfidy,
along with the rest of the free world. For us, the spell is broken.
We're just moving on."
...
Asked why Twofish and Skein in particular were chosen to be the new
default choices for Silent Circle's products, Callas said via email that
both algorithms come from trusted sources, including himself in the case
of Skein.
Twofish was a finalist in the NIST's selection of the AES cipher, and
the team that developed it included people that Silent Circle's
co-founders personally know and trust, he said. "A number of the same
people produced Skein -- which was a SHA-3 finalist -- and I am a member
of the Skein team."
For Silent Circle this was a "decision of conscience," Callas said. "Our
primary responsibility is to protect our customers, especially in the
face of uncertainty."
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20131002/6175a209/attachment.html>
More information about the Guardian-dev
mailing list