Slashdot Mirror

← Back to Stories (view on slashdot.org)

Distrustful US Allies Force Spy Agency To Back Down In Encryption Fight (reuters.com)

Posted by BeauHD on from the lack-of-trust dept.

schwit1 shares a report from Reuters: An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them. The NSA has now agreed to drop all but the most powerful versions of the techniques -- those least likely to be vulnerable to hacks -- to address the concerns.

3 of 104 comments (clear)

  1. Trust is hard to gain and easy to lose by Opportunist · · Score: 3, Insightful

    To make me trust you, you have to give me a good reason to do so. Unfortunately the NSA has given all sorts of reason to not thrust them with anything. Not as an American, twice not as a foreigner.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Re:Closed door meetings at ISO? by JohnFen · · Score: 3, Insightful

    that's because they are excellent algorithms.

    Says you and the NSA.

    Here's the thing -- if the algorithms include an intentional weakness, it could take years of study to find it. That nobody's found weakness yet isn't compelling in terms of increasing trust.

    Because of this, a large amount of trust is required when accepting them. When the entity that is very eager to get these adopted is one that has clearly demonstrated that it can't be trusted, rejecting the algorithms is completely reasonable.

    Perhaps they're fine, I don't know, but it seems prudent to be extraordinarily cautious about them before blessing them as standards. Let everyone study them for a few years to reduce the need to trust the NSA.

  3. Re:You reap what you sow by HiThere · · Score: 4, Insightful

    The thing is, I don't know that anyone every actually *proved* that the NSA elliptic cure constants were weak. But everyone suspects that they are because of other things they've done.

    This is a point worth remembering. Once you get a bad reputation, people stop trusting you even if they can't prove that you're doing something wrong this time. And when they remember it later they'll remember it as a time they didn't fall into your trap.

    And remember, perhaps those constants were good. Have you heard of anyone proving that they weren't? But would you want to trust them?

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.