[guardian-dev] pgp, nsa, rsa

Billy Gray wgray at zetetic.net
Tue Sep 10 14:32:02 EDT 2013


Do you guys follow Matthew Green? Great stuff:

http://blog.cryptographyengineering.com/2013/09/on-nsa.html
http://blog.cryptographyengineering.com/2013/09/a-note-on-nsa-future-and-fixing-mistakes.html

I think he does a good job of breaking down what's in these recent reports.
It's a good thing to send to people who read the NY Times report and think
that all crypto is now broken (like a friend of mine asked me at NWC
yesterday).

And then there was this:

http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-takedown-blog-post-johns-hopkins

One more question: any of y'all used libTomCrypt? We have an experimental
implementation of it in SQLCipher. Open-source alternatives to OpenSSL
could use some love. DJB's NaCl is neat, too. Curious if you guys are leery
of relying so heavily on OpenSSL, given the above.

http://libtom.org/?page=features&newsitems=5&whatfile=crypt
http://nacl.cr.yp.to

Cheers,
Billy


On Tue, Sep 10, 2013 at 11:17 AM, Aaron Lux <a at aaronlux.com> wrote:

> NSA’s mission includes deciphering enciphered communications is not a
> secret, and is not news*. I am concerned the nytimes.com article will
> have the effect of causing the public to lose trust in all encryption
> including open-source algorithms. Hopefully people realize reviewing
> source code for encryption algorithms** is much more relaxing than
> reading the NY Times.
>
>
> * nsa.gov states that its mission includes leading “the U.S. Government
> in cryptology … in order to gain a decision advantage for the Nation and
> our allies.”
>
> ** ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.21.tar.bz2 and
>
> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar.gz
>
> > Look at the top and bottom of every page: TOP SECRET//SI//TK//NO FORN.
> > This is a secret document.
> >
> > Cheers,
> > Michael
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/wgray%40zetetic.net
>
> You are subscribed as: wgray at zetetic.net
>



-- 
Team Zetetic
http://zetetic.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130910/9a4b3148/attachment-0001.html>


More information about the Guardian-dev mailing list