America's NIST Seeks Public Comments on Cybersecurity and Cryptography (thehill.com)
An anonymous Slashdot reader writes:
The National Institute of Standards and Technology has its own "Commission on Enhancing National Cybersecurity," and this week they issued a call for public comments on "current and future challenges" involving critical infrastructure cybersecurity, the concept of cybersecurity insurance, public awareness, and the internet of things (among other topics) for both the private and public sector.
Long-time Slashdot reader Presto Vivace quotes The Hill: it is specifically asking for projections on policies, economic incentives, emerging technologies, useful metrics and other current and potential solutions throughout the next decade... Comments will be due by 5 p.m. on September 9.
Internet services "have come under attack in recent years in the form of identity and intellectual property theft, deliberate and unintentional service disruption, and stolen data," writes NIST. "Steps must be taken to enhance existing efforts to increase the protection and resilience of the digital ecosystem, while maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity."
Separately, NIST is also requesting comments on a new process to "solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms... If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere... NIST plans to specify preliminary evaluation criteria for quantum-resistant public key cryptography standards."
Quote from article: "If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use."
Public key cryptosystems refers to asymmetric cryptography. What is it about symmetric cryptography that makes it resistant to quantum attacks?
Asymmetric cryptography relies on mathematical problems, such as factoring very large numbers, for security. In traditional algorithms, factoring large numbers (4096 bits) simply takes too long. However, there are KNOWN quantum algorithms that can tackle those problems quickly enough. Symmetrical algorithms do not rely on this class of problem for safety.
We don't trust you, NIST. End of comment.
Behind concrete walls, inside a Faraday cage, no mics, in fact just go back to paper.
I was going to suggest that they re-name their commission "Boaty McBoatface"
Can you recommend less corrupt and more competent computer security organizations to handle this task?
...considering every major law enforcement organization, as well as the shady, black-op three-letter variety are all against encryption they can't break...
Maybe the best thing to do would be to do what your government ISN'T. Between America's meaningless, endless wars and their trampling upon every freedom their own country was founded upon, the only "suggestions" that are going to be tabled by the government are the ones that eliminate privacy.
Oh yes, to the tragic, old fucks from #debian who have been blowing members of the TOR Project from the very beginning, no, TOR isn't a good option for privacy. It's a good honeypot for the feds though, so feel free to keep peddling your kiddie porn on the "dark net." You're all being watched and when the time comes, you'll all be in prison being taught what rape really means.
https://support.microsoft.com/...
Therefore any encryption scheme presented by NIST would likely have been compromised before hand.
Symmetric ciphers like AES are constructed in a fundamentally different way compared to public-key ciphers. Symmetric ciphers rely on confusion and diffusion, shuffling and mixing the bits of the input in such a way that it is very difficult to recover the plaintext unless you know the key that parameterized the process. Security is based on the complexity and non-linearity of the operations, but they are essentially very "messy" in how they transform plaintext into ciphertext. Take a look at a diagram describing AES and you will see what I mean.
Public-key ciphers on the other hand are conceptually simple but rely on the hardness of some fundamental mathematical operation, e.g. factoring, discrete log, etc. It turns out that there are quantum algorithms to solve some of these problems efficiently. It also turns out though that there is something called Grover's algorithm, which actually does let quantum computers break symmetric crypto faster than a standard computer. Fortunately, it only turns O(N) work into O(sqrt(N)), which is not that bad. Effectively this means that AES-128 only has 64 bits of security against a quantum computer, and AES-256 only has 128 bits.
Look up Warrant Canary and display one to ensure your activities and promotions are pure and not compromised. "Warrant canary" is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received, such as a national security letter. - Canary Watch
These keys can be lengthened pretty simply. The length of these keys has been kept short through federal regulation, not through overwhelming technological difficulty in lengthening them.
What federal regulation would that be? "Export grade encryption" restrictions were removed back in 1996. It has been 20 years already (OMG, I'm old).
There is no federal regulation that I am aware of that limits key length. Citation please.
Learning HOW to think is more important than learning WHAT to think.
Asymmetric keys rely on factorization of huge numbers to generate a 'distributable' key. Factorization of a single number is relatively complex; it takes a really, really long time with our current computers to factor any number. If you have to factor numbers, quantum computing is promised/theorized to be able to do this instantly or at least very quickly, and if you can 'factor' any huge number instantly you can make quick guesses until you have a matching combination.
Symmetric keys rely on secrets. Everyone involved in the message needs the SAME key. It's sort of like a password, but the password is insanely long. The problem is you can only distribute the key to whom you are trying to communicate with, and everyone needs a different key, which would make maintaining a new key-per-object insanely complex. In quantum computing you still have to 'search' for this password through the entire possible space of passwords (not just numbers but any bit-combination); it can go faster with quantum computing (theorized to be about twice as fast) but it will still take a long time. If it takes you to the heat death of the Universe to guess a key, now it only takes half that long (although known flaws in hardware, software or algorithms can typically reduce the search space substantially).
Either way there are asymmetric algorithms that are quantum resistant but either they are too complex on non-quantum computers or they are patent encumbered. For symmetric keys it is feasible to just use larger keys.
I don't think there is any pressure to keep keys small, we already have AES-256 which nobody uses because we don't actually need that much security. If quantum computers came around AES-256 would still be perfectly secure.
It's not twice as fast, it is sqrt(N) times as fast where N is the number of possible keys. You might be thinking 'half' because this implies that the security in bits of a scheme will be half as much against a quantum computer.
If we eliminate ambient authority, it would go a long way towards fixing this whole mess. Having operating systems which blindly trust applications to do the right thing is just stupid. This was figured out back in the early 1970s, but nobody seems to have learned the lesson.
Capability Based Security is a way of never trusting applications, in a user-friendly way... just raising awareness of it is a good first start.
I'm afraid you're mistaken. The first set of regulations were lifted as a violation of First Amendment rights, but they were effectively transferred to the US Commerce Department. They are still restrictive, and still prevent the activation of ubiquitous encryption at the NIC level.
https://www.federalregister.go...
Permission to sell network equipment overseas often relies on the installation of backdoors for government access. These keys have even been published worldwide for various network hardware.
http://www.defenseone.com/tech...
I'm afraid that to believe network hardware and software vendors do _not_ install backdoors at government insistence is to ignore the long history of the major network vendors.
The NIST has been tainted by the NSA. So any comment must first ask, "How can we know that this taint is gone?"
On review, I was unclear. The arbitrary enforcement of the remaining regulations by the Department of Commerce effectively hinders robust encryption, including the increase of key lengths. Only those technologies deemed "suitable" by the Department of Commerce are allowed an export license. The standards are no longer so clear, but similar to those. The licensing and approvals necessary to provide robust encryption as a general practice are so burdensome that network equipment vendors find themselves fiscally constrained from providing it, even if it is not specifically banned.
You secretly colluded with the NSA on back-dooring elliptical-curve cryptography (in effect, by not disclosing weaknesses).
Now you want us to offer you FREE suggestions on the current frontiers of mathematical cryptography?!?
Eat my shit. If I (or anyone else with a brain) had a body of work designed to out-smart quantum (annealing) computers, we would keep it very, very secret. We would not even disclose to USPTO or via a PCT disclosure.* Nuh-uh! It would be for sale to the highest bidder – a private transaction. NIST's recorded willingness to bend over and take it in the ass for the NSA has squandered the entire institution's integrity.
* It really does happen. An invention disclosure can be ruled by the USPTO to be so significant to National Security that they basically 'take it black,' usually at DOD behest. "Thanks for all of your hard work on that thing..."
Stop using "cyber" on things or you'll never be taken seriously.
One thing that's certainly not productive is the technology-ignorant anti-encryption rants that come out of the mouths of certain Congressmen and Senators from time to time, especially air-heads like California's own Senator Dianne Feinstein. You don't combat terrorists and criminals by undermining encryption for everybody living in the United States. Mass surveillance hasn't produced squat so far in the war on terrorism. They will no doubt try to argue that successes are secrets, but given how poorly the United States protects its real secrets these days, that's not a very satisfying explanation. I think if mass spying on American phone conversations was insanely useful we would have heard about at least a few big scores from the program. Instead, crickets. If the US government wants to enhance "cyber" security, as they like to call it, they have to start by not undermining the very security they say that they want to create.
It has been a while since I've dug thru the DoC EAR, but from what I remember -- and what I seem to glean from digging thru your link to the Fed Reg -- is that most of this applies only if you're using proprietary encryption. The use of open source algorithms where you provide the relevant source code, such as using AES, Blowfish, or TwoFish, is an exemption.
To be clear, I'm talking about mass market stuff which gets the MMKT designation, not crypto gear primarily sold to foreign governments.
If using only the published, open source stuff for crypto, then the exporter has only to file the paperwork. The 30-day delay was removed, and there is no real "review request", the paperwork is just on file.
RSA fits the bill just fine, and there is no restriction that I can find for using ginormous keys -- 4,096 bits and beyond.
Feel free to use Elliptic Curve instead of RSA, avoiding Dual EC DRBG (obviously) and the NIST recommended curves if you're paranoid.
I understand that exporting certain hardware requires paperwork, but I'm firmly in the camp of thinking that states "proprietary encryption should be avoided at all costs".
Dunno about you, but I always ensure that 256-bit AES and similarly high-grade cipher suites are available for TLS and other kinds of crypto in use within my purview. Also the servers are configured to choose the highest-level encryption supported by the client.
For whatever reason, Java comes out of the box limited to 128-bit encryption, but we always take steps to ensure that the unlimited-strength policy files are installed to lift those silly restrictions.
Computers are fast and crypto is (relatively) cheap. Why would you not use the strongest algorithms available? The claim that C is "good enough" is famous last words, especially when something (arguably) better is readily available.
My understanding is that due to problems with key schedules 256bit AES is less secure than 128bit. Ref.
then there will be holes you can drive an airliner through in any encryption standard that comes to pass...
For some definitions of "less secure". There are better attacks against AES-256, but even so the total amount of security against the strongest known attacks is still higher. In the link you posted from Bruce Schneier it says AES-256 has 176 bits of security vs 119 for AES-128.
128-bits of security is enough for a very, very long time. The most powerful supercomputer in existence can execute 93 petaflops. It would take that computer 8400x the age of the universe to brute force one 128-bit key, assuming it can do an AES decryption in one operation (which it can't). AES-128 vs AES-256 is not that big of a distinction considering that a huge theoretical break on AES would be necessary to actually attack either of them.
Research has also shown that the construction of AES-256 is not great and attacks tend to have much higher impact on the 256-bit version compared to the 128-bit version. The best attack against AES-128 reduces its security to 119 bits, while the best attack against AES-256 reduces its security to only 176 bits. It is likely that any attack making AES-128 vulnerable would also make AES-256 vulnerable.
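Putting numbers on two claims made in the comments above (that Grover's algorithm halves a symmetric key's security in bits rather than making search "twice as fast", and that one 128-bit key would take a 93 petaflop machine about 8400 ages of the universe to brute-force). This is an added example, not code from the thread; the universe age of 13.8 billion years is an assumed constant, and the 93 petaflop rate and the 119/176-bit best-known-attack figures are the ones quoted by the commenters.

```python
# Added example: numbers behind the Grover and brute-force claims in the thread.
# The age of the universe is an assumed constant; the other figures are quoted above.
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
UNIVERSE_AGE_YEARS = 13.8e9        # assumed: roughly 13.8 billion years
TOP500_OPS_PER_SECOND = 93e15      # the "93 petaflops" figure quoted in the thread

# Security against the best known classical attacks, as quoted in the thread
BEST_KNOWN_CLASSICAL_BITS = {"AES-128": 119, "AES-256": 176}

def classical_search_cost(key_bits: int) -> int:
    """Exhaustive search: in the worst case every one of the N = 2^k keys is tried."""
    return 1 << key_bits

def grover_search_cost(key_bits: int) -> int:
    """Grover's algorithm needs on the order of sqrt(N) = 2^(k/2) oracle queries."""
    return math.isqrt(classical_search_cost(key_bits))

def grover_speedup(key_bits: int) -> int:
    """How much faster Grover is than classical search: sqrt(N), not a constant 2."""
    return classical_search_cost(key_bits) // grover_search_cost(key_bits)

def effective_security_bits(key_bits: int, quantum: bool) -> int:
    """Attacker work expressed in bits (log2 of the search cost)."""
    cost = grover_search_cost(key_bits) if quantum else classical_search_cost(key_bits)
    return cost.bit_length() - 1

def universe_ages_to_brute_force(key_bits: int, ops_per_second: float = TOP500_OPS_PER_SECOND) -> float:
    """Full 2^k classical key search at ops_per_second, charging one operation per
    trial decryption (generous to the attacker), measured in ages of the universe."""
    seconds = classical_search_cost(key_bits) / ops_per_second
    return seconds / (UNIVERSE_AGE_YEARS * SECONDS_PER_YEAR)

def security_summary(name: str, key_bits: int) -> dict:
    """Classical brute force, best known classical attack, and Grover-reduced bits."""
    return {
        "cipher": name,
        "brute_force_bits": effective_security_bits(key_bits, quantum=False),
        "best_known_attack_bits": BEST_KNOWN_CLASSICAL_BITS.get(name, key_bits),
        "grover_bits": effective_security_bits(key_bits, quantum=True),
        "universe_ages_classical": universe_ages_to_brute_force(key_bits),
    }

if __name__ == "__main__":
    for name, bits in (("AES-128", 128), ("AES-256", 256)):
        print(security_summary(name, bits))
    # Grover's advantage on a 128-bit key is a factor of 2^64, not a factor of 2
    print("Grover speedup for a 128-bit key: 2^%d" % math.log2(grover_speedup(128)))
```

The 8400 figure reproduces the commenter's estimate only under the stated one-operation-per-trial assumption; a real AES trial decryption costs many operations, so the true number is larger.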
https://www.federalregister.gov/articles/2016/08/10/2016-18948/information-on-current-and-future-states-of-cybersecurity-in-the-digital-economy
http://thehill.com/policy/cybersecurity/290966-nist-cybersecurity-commission-seek-broad-range-of-public-cyber-comment
http://csrc.nist.gov/groups/ST/post-quantum-crypto/index.html
Even clicking the first link attaches you to the FBI register of who is using Slashdot today.
This site is all spy all agenda all cunt.
What happened to GeoTrust Inc as Slashdot's CA authority though? Now it is Let's Encrypt?
why
Sure, but he then goes on to state: "And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future."
But I don't want to quote him out of context, he then adds: "But if you're already using AES-256, there's no reason to change."
As usual with crypto it will come down to exactly what you are doing and what threat models you are prioritizing your defense against.
Yeah I have been saying that to other people here. There is no point in using AES-256 because it is barely more secure than 128, if at all. In exchange for being a lot slower. It just doesn't make sense.
We no longer trust you so go die in a fire.
Do you REALLY consider a Belgian developed crypto scheme any more secure than Russian, American, Japanese, Israeli, etc?
I have a harder time finding crypto from someone/where I do trust, rather than where I don't completely.
While the EU at the 'state' level may care about privacy, it seems like the EU as an economic bloc really doesn't, any more than the aforementioned.