[149135] in cryptography@c2.net mail archive
Re: [Cryptography] RSA is dead.
daemon@ATHENA.MIT.EDU (John Kelsey)
Mon Jan 20 12:56:40 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52B7F566.5050507@gmail.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Mon, 20 Jan 2014 12:49:32 -0500
To: William Allen Simpson <william.allen.simpson@gmail.com>
Cc: cryptography moderated list <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Perhaps this is the result of living in a government bubble for a while, but I certainly saw and heard a lot of the bigger community who thought NSA's involvement in domestic crypto standards and companies was intended to improve security. That's why NSA people were and are openly members of a bunch of standards committees, why people invited NSA guys to give talks and take part in competitions, why people were using stuff like SELinux. People have been using DSA, the NIST curves, SHA1, and SHA2 for many years, believing them secure--because the assumption was that NSA wasn't putting backdoored stuff out there.
That's part of the collateral damage of the Dual EC DRBG trapdoor. They had spent 10-15 years trying to build a good relationship with the crypto and computer security community, and when this came out, they lost that relationship. Researchers will still take their money, government agencies required by law to work with them will continue to do so, but the default assumption won't be "they're on our side" anymore. The ultimate cost of that will be many times higher than however much was budgeted for the project that got the Dual EC DRBG into the world.
--John, definitely speaking only for myself
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography