Paul Walker on 18 Sep 2013 07:57:00 -0700 |
Re: [PLUG] encryption |
On Wed, Sep 18, 2013 at 9:35 AM, Aaron Mulder
<ammulder@alumni.princeton.edu> wrote:
> On Wed, Sep 18, 2013 at 9:15 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
>> If they have a goal of cracking 256-bit AES, and they're spending
>> billions on a supercomputer to implement it, then I think there is a
>> pretty high likelihood that they know of a weakness in the cipher that
>> they can exploit.
>
> On the other hand, you really have to ask yourself, if they could
> break AES-256, why would they say so? If they're going out of their
> way to convince you NOT to use it, maybe it's *because* they can't
> crack it?

That thought crossed my mind which is why I was surprised they put
something like that on a webpage. That does tend to make me think
that this is a cover for something else. I'm not sure what other
problems are so demanding of supercomputer time - it could just be for
a cipher other than AES - perhaps one that everybody is likely to
switch to if they shun AES.

>
> (His other advice was to avoid ECC because
> whoever provides the constants may be holding a "private key" allowing
> them to crack it, and the NSA provided the recommended constants.)

I'm not a cryptographer, but my understanding is that this concern is
limited to the ECC-based PRNG that the NSA developed. Apparently NIST
just announced they're discouraging anybody else from using it for the
same reason.

The real challenge is that the NSA spends a LOT of money on
cryptography R&D. The "academic world" for cryptography largely
exists behind closed doors. For every paper published in a journal,
there may be 100 published in some NSA-only journal.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug