Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations

Trailrunner7 writes "The first major domino to fall in the crypto world after the NSA leaks by Edward Snowden began was the decision by Lavabit, a secure email provider, to shut down in August rather than comply with a government order. Shortly thereafter, Silent Circle, another provider of secure email and other services, said it was discontinuing its Silent Mail offering, as well. Now, Silent Circle is going a step further, saying that it plans to replace the NIST-related cipher suites in its products with independently designed ones, not because the company distrusts NIST, but because its executives are worried about the NSA's influence on NIST's development of ciphers in the last couple of decades. Jon Callas, one of the founders of Silent Circle and a respected cryptographer, said Monday that the company has been watching all of the developments and revelations coming out of the NSA leaks and has come to the decision that it's in the best interest of the company and its customers to replace the AES cipher and the SHA-2 hash function and give customers other options. Those options, Callas said, will include non-NIST ciphers such as Twofish and Skein."

serpent

[johnjones]

mathematics depts are interesting things...

I personally trust in s box's

regards

John Jones

I trust the Chinese...

I trust the Chinese have already done that to every processor built for export. They'd be negligent if they haven't.

Marketing!

[tgd]

Or stupidity. One of the two.

Why use algorithms that are standardized on by the federal government and have been looked at exhaustively by experts around the world when you can use an untested crypto system? After all I'm sure the NSA wants to ensure that bad guys have access to everything the government is encrypting by first weakening the encryption standard, then standardizing the US government on the use of them.

No reason to distrust Rijndael

[dido]

I highly doubt that Vincent Rijmen and Joan Daemen themselves were influenced by the NSA in any way in the design of Rijndael, unless you believe that they influenced all the AES entrants, including Ronald Rivest (RC6) and Bruce Schneier (Twofish). I think the only influence the NSA might have had was in perhaps influencing the NIST selection process that chose Rijndael as the Advanced Encryption Standard. And in the thirteen years since it was thus chosen it has been scrutinised more thoroughly than any algorithm by the best cryptographers in the world, and well, none of the open researchers anyway have found an attack on the cipher capable of breaking it significantly. The NSA might have, but then they approved the cipher for encrypting US government classified documents (a blessing that the NSA notably did not give the original Data Encryption Standard), so I'd consider it highly unlikely that they would have done that. The risk would be too great that their method of breaking the cipher have been obtained by espionage or independently discovered by some other intelligence agency's cryptanalysts. The NSA may be evil, but no one has ever accused them of stupidity.

Given that the best cryptanalysts of the world have had thirteen years to look at it and it remains solid, I'd trust it better than the other AES candidates which have had much less scrutiny, or worse yet, a newly designed cipher that no one who knows anything has bothered to even try analysing.

The other thing is that AES is incredibly efficient even on 8-bit microcontrollers. Around the time the AES contest was ongoing, I implemented Serpent, Twofish, and Rijndael on an 8051-series microcontroller, and Rijndael was consistently the best performing cipher, so I used it in the project, and wasn't surprised to learn that it eventually got selected.

Re:No reason to distrust Rijndael

[dido]

Good points. But then again remember that the NSA, having approved the cipher for use with classified documents, now has to use it themselves if they want to exchange top secret classified information with the rest of the US government! I think it's much more likely that they did apply even more of their vaunted cryptanalytic prowess to it when NIST gave their approval in 2000, and when by 2003 they found no significant weaknesses, they approved it for use with classified information. If they had found a significant weakness in AES and approved it anyway for such use, how arrogant and stupid would that make them? Their own supposedly secure communications with the rest of the government would be compromised as a result! As I said you can accuse the NSA of being many things, but I don't think stupidity is one of them.

Snowden himself said it: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." Emphasis added. The real trouble is there are too many systems out there that use otherwise sound cryptographic primitives in insecure ways, either by incompetence or by design. The NSA has been known to pressure manufacturers of security equipment to do the latter, and naturally they will only certify equipment that hasn't been thus back-doored for government use.

And no, I don't think breaking AES would be career suicide for an academic cryptanalyst. Fermat's Last Theorem would also have been considered career suicide for centuries for the same reasons you cite, but now Andrew Wiles is one of the most famous mathematicians in the world. True, it's a hard problem, but if you manage to publish a workable break of AES you would become the most famous cryptographer in the world.

Re:9/11 was an inside job

[tgd]

NIST has in many instances blocked independent investigations into 9/11, as well as lied about its own findings and devised unscientific explanations for the controlled demolitions of WTC 7 and the Twin Towers.
AE911truth

You know, this is probably the first time in the history of 9/11 whackjob posts on Slashdot that the reply is actually relevant to the story. Because they have nearly identical basis in reality.