Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Announces New Crypto Standards

Posted by Zonk on from the less-tasty-crackers dept.

Proaxiom writes "This week the NSA announced the new US government standard for key agreement and digital signatures, called Suite B. Suite B uses Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) for key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA) for signature generation/verification. This shouldn't be too surprising given that the NSA licensed Certicom's EC patents for $25 million last year. ECMQV is patented by Certicom. ECDH and ECDSA appear to be generally unencumbered."

2 of 220 comments (clear)

  1. Re:ECMQV broken by Anonymous Coward · · Score: 5, Insightful
    One presumes that any encryption standard the US is going to reccomend has in fact been broken by the NSA or other security organzation. The US has been very clear that it does nto want its citizens of anyone else in the world to use encyption that the US cannot break.

    So i would posit that the standard has already been broken by someone, and, if need be, can be decrypted as needed. Perhaps it won't be cheap, but it will be possible.

  2. Re:ECMQV broken by Coryoth · · Score: 5, Insightful

    One presumes that any encryption standard the US is going to reccomend has in fact been broken by the NSA or other security organzation. The US has been very clear that it does nto want its citizens of anyone else in the world to use encyption that the US cannot break.

    And likewise the US has been very clear that it does not want its government, military, businesses using an encryption system that can be broken by other countries. The NSA has 2 roles, Signals Intelligence (which may involve breaking encryption) and Information Assurance (which involves providing secure computing to US government and business). ECC is out there and available, so pretending it doesn't exist just because they can't break it hardly helps them in stopping people using it. That means, from the Signals Intelligence perspective ECC is a moot questions, breakable or no. Export controls make little difference considering the company (Certicom) with all the patents on ECC (hundreds, literally) is Canadian. On the other hand, if it is good, strong, and secure, then it is entirely sensible for the Information Assurance arm to promote it as a standard for US business. Let's be honest, RSA has looked weak the last couple of years. You could just as easily claim that this announcement is an effort to move US government and business to a more secure system. Maybe this announcement means that the NSA knows how to break RSA, and figures other countries either know too, or will figure it out soon.

    In short, there is no reason to expect that the NSA can break ECC, and to claim otherwise is just shotting your mouth off with absolutely zero basis. There are other perfectly good explanations, why not consoder them instead/as well?

    Jedidiah.

    --
    Craft Beer Programming T-shirts