[147307] in cryptography@c2.net mail archive
Re: [Cryptography] RSA recommends against use of its own products.
daemon@ATHENA.MIT.EDU (ianG)
Thu Sep 26 06:06:53 2013
X-Original-To: cryptography@metzdowd.com
Date: Thu, 26 Sep 2013 08:21:39 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <021AE27C-46B7-4A8B-98E2-867A7EEE9662@lrw.com>
Cc: Jerry Leichter <leichter@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 25/09/13 21:12 PM, Jerry Leichter wrote:
> On Sep 25, 2013, at 12:31 PM, ianG <iang@iang.org> wrote:
...
>> My conclusion is: avoid all USA, Inc, providers of cryptographic products.
> In favor of ... who?
Ah well, that is the sticky question. If we accept the conclusion, I
see these options:
1. shift to something more open.
2. use foreign providers.
3. start writing.
4. get out of the security game.
> We already know that GCHQ is at least as heavily into this monitoring business as NSA, so British providers are out. The French ...
Right, scratch the Brits and the French. Maybe AU, NZ? I don't know.
Maybe the Germans / Dutch / Austrians.
> It's a really, really difficult problem. For deterministic algorithms, in principle, you can sandbox ...
If you are referring to testing a provider's product for leaks, I think
that's darn near impossible.
(If referring to the platform and things like leakage, that is an
additional/new scope.)
> For probabilistic algorithms - choosing a random number is, of course, the simplest example - it's much, much harder. You're pretty much forced to rely on some mathematics and other analysis - testing can't help you much.
As I have said, if you care, you write your own collector/mix/DRBG. If
not, then you're happy reading /dev/random.
(for the rest, all agreed.)
iang
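As an added example (not part of ianG's message, and not code from any vendor or product discussed in the thread), here is what "write your own collector/mix/DRBG" can look like in practice: a collector that conditions several independent entropy sources into one seed, and an HMAC_DRBG written directly from NIST SP 800-90A over SHA-256. The point of the mixing step is that the seed depends on every source, so an attacker who controls or can predict one source (the OS RNG, say) gains nothing unless they control all of them. The source list in `collect()` and the function names are this example's own choices, not a recommendation from the list; the DRBG construction itself follows the published spec.

```python
"""Entropy collector plus HMAC_DRBG (SP 800-90A, SHA-256). Hypothetical example."""
import hashlib
import hmac
import os
import time
from typing import Callable, List

OUTLEN = 32  # SHA-256 digest length in bytes


def condition_entropy(sources: List[bytes]) -> bytes:
    """Condense several independent source samples into one 32-byte seed.

    Each sample is length-prefixed before hashing so two different source
    lists cannot collide by re-splitting the same bytes. The result depends
    on every sample: controlling some sources but not all does not let an
    attacker predict the seed.
    """
    h = hashlib.sha256()
    for sample in sources:
        h.update(len(sample).to_bytes(4, "big"))
        h.update(sample)
    return h.digest()


def collect(extra_sources: List[Callable[[], bytes]] = ()) -> bytes:
    """Example collector (assumed source set): OS RNG, clock reading, PID,
    plus any caller-supplied sources (hardware RNG, network timing, ...)."""
    samples = [
        os.urandom(32),
        time.perf_counter_ns().to_bytes(8, "big"),
        os.getpid().to_bytes(4, "big"),
    ]
    samples += [src() for src in extra_sources]
    return condition_entropy(samples)


class HmacDrbg:
    """HMAC_DRBG from NIST SP 800-90A, instantiated over HMAC-SHA-256."""

    def __init__(self, seed: bytes, personalization: bytes = b""):
        # Initial state per the spec: K = 0x00..00, V = 0x01..01, then Update.
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self._update(seed + personalization)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data into (K, V).
        self.K = self._hmac(self.V + b"\x00" + provided)
        self.V = self._hmac(self.V)
        if provided:
            self.K = self._hmac(self.V + b"\x01" + provided)
            self.V = self._hmac(self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        """Return n pseudorandom bytes; state is updated after every call."""
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(additional)
        self.reseed_counter += 1
        return out[:n]


def seeded_drbg(extra_sources: List[Callable[[], bytes]] = ()) -> HmacDrbg:
    """Convenience: collect from all sources, condition, instantiate."""
    return HmacDrbg(collect(extra_sources), personalization=b"example-app")


if __name__ == "__main__":
    drbg = seeded_drbg()
    print(drbg.generate(32).hex())
```

Because the generator is deterministic given its seed, its correctness can be checked against published SP 800-90A test vectors; only the collector and the conditioning step need the "mathematics and other analysis" the thread refers to, and that is where a reviewer's attention belongs.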
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography