
Government Announces Steps to Restore Confidence on Encryption Standards - misiti3780
http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards
======
andrewljohnson
This got my heart beating. There is actual rebellion among academics, and a
movement to restore trust in both people and tech. This is the NY Times
quoting Matt Green of Johns Hopkins in the article:

 _“I know from firsthand communications that a number of people at N.I.S.T.
feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an
interview Tuesday._

That's pretty strong sentiment. Seems to echo the bitterness of Rogaway:
[http://www.cs.ucdavis.edu/~rogaway/politics/surveillance.pdf](http://www.cs.ucdavis.edu/~rogaway/politics/surveillance.pdf)

This is an important question of our times, and the cryptography experts
should speak up like this. They have the credibility, and the ear of the
people and media.

~~~
s_q_b
_“I know from firsthand communications that a number of people at N.I.S.T.
feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an
interview Tuesday._

That's the understatement of the century. NIST is _pissed off._ Many of these
guys move fluidly back and forth from NSA, and clearly they were kept in the
dark.

~~~
devx
Let's see how they dramatically improve the process then. I hope they don't
think statements like "we didn't do it, trust us" are enough.

But it's probably best to just forget about NIST and start from scratch with a
new standards body with _zero_ influence from the government - any
government (how it should be).

~~~
zeckalpha
Almost by definition, a standards organization would have some form of
government (lowercase g) running it. What would you suggest as an alternative?
Wikistandards? Even a wiki has government.

~~~
ataggart
I don't see the utility in using "government" to mean something other than
"the state". We have other words that can work just as well without
introducing confusion about the intent of the speaker.

------
rumcajz
This is a procedural, not technical problem. It almost seems like the
standardisation process open to everyone just enables everyone to insert their
own backdoors into the standard.

One interesting way to solve the problem would be to allow different mutually
hostile entities to define their own standards (US, Russia, China, FSF, Pirate
Bay, whoever) and then encrypt using _all_ of them.

That way, even if there is a backdoor in each protocol, the only way to decrypt
would be for all those disparate players to cooperate. It would be like a vault
with multiple keys possessed by different people.

~~~
antocv
That's an interesting concept, I wonder if Russia and China have their own
standards/protocols to use?

I guess we could get the same effect by encrypting using 3DES, then AES, then
blowfish, twofish and then RC4.

~~~
CWuestefeld
Counterintuitively, sequentially applying additional crypto doesn't
necessarily improve security; in theory, it may actually damage it.

~~~
endeavor
If the keys used for each cipher are independent it should not weaken
security. See section 15.7 of Applied Cryptography
([http://www.cse.iitk.ac.in/users/anuag/crypto.pdf](http://www.cse.iitk.ac.in/users/anuag/crypto.pdf)).
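As an added illustration of the point the two comments above disagree on (example code, not from the thread or from Applied Cryptography): with an XOR-based stream cipher, a cascade whose layers share one key cancels itself out, while independent keys leave a layer that no single key can strip. The HMAC-SHA-256 counter-mode keystream, the key bytes and the nonce are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo values; real keys would come from a CSPRNG such as os.urandom.
KEY_A = bytes.fromhex("00" * 31 + "01")
KEY_B = bytes.fromhex("00" * 31 + "02")
NONCE = b"demo-nonce-0"
PLAINTEXT = b"the vault needs every key holder present"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA-256 over (nonce || counter) as keystream.

    A stand-in for any XOR-based stream cipher (RC4, mentioned in the thread,
    behaves the same way for this argument). Not a production construction.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) under a single key."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def cascade(keys: list, nonce: bytes, data: bytes) -> bytes:
    """Apply one stream-cipher layer per key, in the order given."""
    for key in keys:
        data = stream_xor(key, nonce, data)
    return data


def same_key_cascade_is_identity() -> bool:
    """Dependent keys at their worst: two layers under the same key undo each
    other, so the 'double encryption' emits the plaintext unchanged."""
    return cascade([KEY_A, KEY_A], NONCE, PLAINTEXT) == PLAINTEXT


def independent_cascade_holds() -> bool:
    """With independent keys the cascade round-trips, and peeling off only one
    layer (someone who holds just KEY_A) still yields ciphertext, not plaintext."""
    ct = cascade([KEY_A, KEY_B], NONCE, PLAINTEXT)
    round_trip = cascade([KEY_B, KEY_A], NONCE, ct) == PLAINTEXT
    one_key_only = stream_xor(KEY_A, NONCE, ct) != PLAINTEXT
    return ct != PLAINTEXT and round_trip and one_key_only


if __name__ == "__main__":
    print("same key twice cancels out:", same_key_cascade_is_identity())
    print("independent keys keep every layer:", independent_cascade_holds())
```

The block-cipher analogue is 3DES itself: with K1 = K2 = K3 the EDE construction collapses to a single DES encryption, which is exactly the kind of key dependence the independence condition rules out.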

------
benologist
The weird bit is the NYT did it on their own website instead of Ars. It's also
super classy of Ars to cite a second report by the NYT then link to their own
summary of that article too!

[http://bits.blogs.nytimes.com/2013/09/10/government-announce...](http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=0)

~~~
devx
Mike Masnick calls it a complete non-response from NIST, regarding the real
issue/accusation:

[http://www.techdirt.com/articles/20130910/12371124473/nists-...](http://www.techdirt.com/articles/20130910/12371124473/nists-ridiculous-non-response-response-to-revelation-that-nsa-controlled-crypto-standards-process.shtml)

~~~
anigbrowl
When was Mike Masnick last happy about _anything_?

------
ReidZB
When I saw 'new details' (edit: this was referring to an old title), I was
hoping that the backdoor in Dual_EC_DRBG was either confirmed or denied ... in
reality, there's not much new here. The NYT confirmed that their previous
article was talking about Dual_EC_DRBG, but that's what everyone (edit: in the
cryptography community) expected anyway [1].

We still don't know the exact story behind Dual_EC_DRBG. Maybe the NSA
carefully crafted the DRBG to contain a backdoor that they knew from the
outset. Maybe they didn't notice the backdoor until later (perhaps after
cryptographers pointed it out) but ended up discovering the 'key' that allows
you to predict the stream, completely breaking the DRBG (this is very
unlikely, however). Or maybe they're no better off than the general public.

Annoyingly, there are no concrete details. Internal memos "appear to confirm
that the fatal weakness, discovered by two Microsoft cryptographers in 2007,
was engineered by the agency". In the latest NYT article, the internal memos
"suggest that the N.S.A. generated one of the random number generators used in
a 2006 N.I.S.T. standard". (What "generated" really means here is beyond me;
obviously the constants were generated somehow. The question is whether or not
they were generated with malicious intent. Is the 'generated' part
quoted/paraphrased from the memos?)

Now I'm not saying that the NSA didn't have some malicious intent with
Dual_EC_DRBG. But we have a stunning lack of any evidence. Internal memos
'appear to confirm' and 'suggest', but the bits provided from them are...
lacking. Things certainly seem fishy, but we don't even know the context of
the quotes.

I don't know. It certainly wouldn't surprise me if Dual_EC_DRBG was engineered
to have a backdoor, but all of the articles I've read seem to carefully use
weasel words when talking about it.

[1]
[http://crypto.stackexchange.com/a/10258/2454](http://crypto.stackexchange.com/a/10258/2454)

~~~
nodata
> that's what everyone expected anyway

This one sentence is a _remarkably easy way_ to kill a story for the 99.9% of
the world who this is news for.

"Everyone" indeed.

~~~
ReidZB
I suppose that was a bit presumptuous of me. My apologies.

The whole spiel has made several rounds on HN, though [1], and Ars reported
again on the matter about a week ago [2]. But I do acknowledge that doesn't
necessarily mean much... not everyone has the time (or the inclination!) to
follow such matters.

[1]
[https://www.hnsearch.com/search#request/all&q=dual_ec_drbg&s...](https://www.hnsearch.com/search#request/all&q=dual_ec_drbg&sortby=points+desc&start=0)

[2] [http://arstechnica.com/security/2013/09/the-nsas-work-to-mak...](http://arstechnica.com/security/2013/09/the-nsas-work-to-make-crypto-worse-and-better/)

~~~
throwaway_yy2Di
_"The whole spiel has made several rounds on HN, though [1]"_

If you look at these discussions, HN commenters were very skeptical this was an
NSA backdoor. The _speculative possibility_ isn't news; the _fact_ very much
is.

[https://news.ycombinator.com/item?id=4580434](https://news.ycombinator.com/item?id=4580434)

~~~
ReidZB
That's the thing, though: this article doesn't say that the NSA _did_ generate
the Dual_EC_DRBG constants with a backdoor in mind. It just says that internal
memos suggest and appear to confirm that they did.

That is, the article isn't really anything new.

------
alan_cx
Before reading this, bear in mind, you won't find many more critical of
government than me.... That said, I have to ask the following:

How can any government accept a situation where communications are so secure
that none of their agencies can break it? Essentially law enforcement do need
to investigate crime. That has to be right and good for all. Even this
anarchist accepts this.

Such a situation is fine for "us", and great for government, in that it means
they themselves can communicate with confidence. But to expect government to
accept a situation where there is zero way they can snoop or investigate is
asking a lot. It's a huge risk to government. So, I think we have to forget
that idea completely, as attractive as it is to the likes of me.

As others have said, it's procedural or legal, not technical. What is needed is
a rock solid framework and set of rules that properly limit how the snooping
is done. What is needed is a universal bill of online or electronic rights.
Not just for the USA, but something that can apply to any country and
government. I'd suggest it should be developed by an international group, UN
backed, and made part of being a member. Or could it be something that has to
be agreed to as part of acquiring IP addresses or domain names. Dunno, but tie
it in somehow.

Ok, I'm not sure that works totally as I have set it out, I'm no lawyer, and
others may well want to modify it, but we need something international as the
internet is international. We all need protection, not just Americans. We need
a base level to work from. Something we can all accept as reasonable, workable
and enforceable. Most of all, we need confidence in using communications and
those regulating it.

~~~
andrewljohnson
"How can any government accept a situation where communications are so secure
that none of their agencies can break it?"

In my opinion, the 4th amendment says the government needs a good reason and a
warrant, and then we all agree they can read my gmail. We don't have to agree
they can store, search, and use everyone's gmail for fighting crime,
terrorism, or gaining economic advantage over other nations.

Forget international committees. Smash the hard drives with my phone data in
them that spooks can read at will.

~~~
sp332
Even if they have a warrant, they can't read a well-encrypted email. What do
they do then?

~~~
DanBC
They put you in prison until you hand over the keys. In the UK this is under
RIPA. In the US there's probably some law they can kludge to fit - contempt of
court or some-such.

~~~
kamjam
What happens in situations like this if you use a hidden volume within an
encrypted file using something like Truecrypt, which allows plausible
deniability? You've supplied the "password" but the real meaty stuff is still
hidden away...

[http://www.truecrypt.org/docs/hidden-volume#Y0](http://www.truecrypt.org/docs/hidden-volume#Y0)

~~~
DanBC
Hidden volumes are often done wrong and trivially easy for 'them' to find.

Under UK law the rule isn't to hand over the keys so they can decrypt the
ciphertext, but to make the plaintext available.

~~~
kamjam
Yes, I understand that, but if you have 2 passwords, each of which unlocks
different plaintext within your encrypted container, then theoretically you
could never be found out... (but as you say, assuming the implementation is
correct)

------
mathogre
It's too fucking late. Government, we don't trust you anymore. You're not a
part of us. For once, I'm ashamed of being an American.

~~~
detcader
Depends what you define as being "an American". Glenn Greenwald, the main
journalist publishing the leaks, asserts his US citizenship and his American
identity as the ultimate impetus behind his acts -- his belief in the American
Constitution and the rights of American citizens.

~~~
joe_the_user
America's conscience.

In exile in Brazil.

~~~
detcader
We should remember his exact reason for being in Brazil in the first place,
which he outlines here [1]; he would no doubt be moving to the US as we type
if it weren't for the NSA stories.

[1] [http://ggsidedocs.blogspot.com.br/2013/01/frequently-told-li...](http://ggsidedocs.blogspot.com.br/2013/01/frequently-told-lies-ftls.html)

~~~
joe_the_user
Sure, Greenwald moved to Brazil because of one US policy and now stays there
because of another. But also, Snowden quite likely contacted Greenwald because
he was a well known US journalist of high principles who wasn't located in the
US. So there you are.

------
j_baker
I suspect that NIST is just another government organization trying to do their
jobs, and I don't think it's fair that their name got dragged through the mud.
The truth is that the NSA practically co-opted NIST's decision-making
strategy. I have confidence in NIST. Sadly, I don't have confidence in the NSA
to not muddy up the process.

~~~
icambron
I'm not sure you can separate those. If NIST is being systematically
interfered with by the NSA, how can you have confidence in them?

~~~
atmosx
+1 I don't get it, don't they get paid at NIST? Do they have moral values and
ethics? Or is it okay to say "_Hey NSA pressed us really hard to backdoor you
all. So yes we did it, but we didn't really want to_"? They are not judged
for their initial intentions, they are judged for their wrongdoings. The NSA
could say that (was said many times actually) the data retention at the end of
the day is to protect America against _terrorism_. Problem is no one believes
them.

~~~
j_baker
You seem to be assuming there's something NIST could have done about it. Based
on what I've read, that doesn't seem to be the case. It seems like the NSA
squeezed everyone else out so that they were the only ones calling the shots.

~~~
icambron
Apologies for turning to semantics, but I think the confusion is over what
"confidence in" means. I think you mean something closer to "respect for". I'm
not sure I agree, but I'm not well enough informed to argue the point.
Generally, having confidence in something means that you think there's a high
probability it will deliver good results, for whatever value "good results"
has in that context (e.g. having confidence in a sports team is believing that
they'll win). The purpose of NIST isn't to try to do the right thing, or to be
competent, or any of that; it's to create good technological standards. If
you're skeptical that they can do that job effectively,
_regardless of why_, then you're not confident in them.

To clarify all that, I'm not arguing your point as I now understand it; I'm
just suggesting why you've found some opposition to it as you stated it.

------
m0nty
The cynic in me says "of course they want us to trust their flawed encryption
standards, otherwise there's no point back-dooring them in the first place." I
suspect, however, that this has more to do with high-profile businesses
complaining about the damage that's been done to them in the last few weeks.

------
ck2
With RC4 being used to mitigate BEAST, we need a solution soon for the web,
because RC4 is falling apart:
[http://www.isg.rhul.ac.uk/tls/](http://www.isg.rhul.ac.uk/tls/)

~~~
harshreality
Clients mitigate BEAST. RC4 is only a stopgap for ancient clients that don't
have BEAST workarounds.

There is a solution, TLS 1.1 and 1.2. Because of slow server-side adoption,
clients will have to keep supporting TLS 1.0 for quite a while. Because
clients can't drop support for TLS 1.0, there's no strong incentive for server
administrators to ensure their servers support TLS 1.1 and 1.2.

------
pyalot2
Want to know how to get a secure encryption standard? Do not develop it with
the government involved, especially not the US government.

~~~
laumars
That doesn't ensure a lack of foul play. Even non-government-employed
developers could be turned into "agents" to insert code. Whether they're
bought off or even just have strong patriotic motivations to begin with, you
still need a stricter review process to ensure that no one country nor
organisation has significant input nor control over the code.

~~~
pyalot2
That's true. But if you've not got a player at the table you're obliged to
listen to because their vote overrides everybody else's, they can't shoot down
things they don't like as easily.

------
mcguire
"_N.I.S.T. attributed the allegations to confusion and noted that it was
required, by statute, to consult with the N.S.A._"

I think they'll find it is difficult to "restore confidence" if they are
required to "consult" with those responsible for the lack of confidence.

At least, I hope so. Whitewash and time are marvelous.

------
RamiK
Every standards body that is even remotely financed by governments or
companies is a lie. ([http://www.ecma-international.org/publications/standards/Ecm...](http://www.ecma-international.org/publications/standards/Ecma-376.htm))

Committees' rulings are a lie.
([http://www.textbookleague.org/103feyn.htm](http://www.textbookleague.org/103feyn.htm))

Even the most seemingly reasonable regulations are a lie.
([http://www.amazon.com/The-Truth-About-Drug-Companies/dp/0375...](http://www.amazon.com/The-Truth-About-Drug-Companies/dp/0375760946))

The sooner people realize there's no other option other than a direct
democracy since governments and companies are untrustworthy, the better.

~~~
nemothekid
Who gets to vote in a direct democracy? My parents don't know anything about
cryptography, and are likely to base their decision on others, or even worse,
a news source.

Right there, our parents outnumber us 2:1. Why should I trust the rest of
America, who largely gets their information from media companies designed to
optimize for ratings, on matters pertaining to cryptography?

~~~
hjnilsson
Indeed, it would not be long before the press makes the case that 0% tax for
media would be awesome for everybody. "There would be no commercials!", "Think
of the children, we can make quality programs with more cash!" etc. etc.

Direct democracy is not a solution. The solution is the thing we're doing now.
The system works in the sense that we're righting it by having this kerfuffle
about the secrecy. And something will change, and then the issue will be
forgotten for awhile and the story will repeat.

------
tripzilch
NIST should break ties with the NSA.

That's probably not possible/going to happen but that's what would happen with
any other organisation severely breaching confidence like this.

Those are, however, the sort of big actions they need to show to have a chance
at regaining trust.

------
frank_boyd
You lost me at:

"Government Announces Steps to Restore Confidence"

~~~
skore
Trust is a fickle thing, but one thing that I have learned is that one vital
element to building trust is to refrain from announcing your intention of
doing so. Even having a "plan to build trust" is questionable - if you need to
make such a plan, most likely you have already lost any chance of succeeding.

People must build trust entirely by themselves. If they don't build it
themselves, it's not trust. It's persuasion.

And the willingness to be persuaded has been eliminated rather thoroughly,
lately.

------
akulbe
Golf clap, anyone? Anyone?

This is a huge confidence builder. Huge.

~~~
jayfuerstenberg
Too little, too late.

This is like a criminal promising he won't do it again, but only AFTER being
caught and having the entire town surround him with pitchforks.

------
raheemm
I hate all this NSA spying but they do have a point - if they can't read the
communications of the bad guys, how are they supposed to catch them before
it's too late? Isn't there a way to accomplish both objectives of security and
preserving constitutional freedoms?

~~~
noir_lord
Yes but it relies on an informed electorate holding mostly honest elected
officials to account while said officials hold the tools of state to account.

In other words no.

~~~
raheemm
The justice dept caught a bunch of mafiosos without violating the rights of
everyone else. Why? Because judges oversaw the handing out of search and
wire-tapping warrants. A balance was found between security and liberty.
Unfortunately, what is happening now is that we are led to believe it is one
or the other. And it's made worse when the debate gets trapped in the "right
vs left", "conservative vs liberal" context.

Seems to me that the judicial system needs to get more involved in this.
Congressional oversight of NSA, TSA, DOD, etc has not really worked.

There is also a role for technology to play. Out of millions of calls,
billions of emails, how do you flag that one bad guy? The implicit assumption
in such a problem is that you collect the data on everyone so that you can
look for patterns of bad guy behavior. But is there another way?

------
ilaksh
This seems to prove that NIST and similar institutions and their standards
should not be trusted or taken seriously in regards to security if that is
your primary concern.

Anyway anything standardized is going to be relatively well known and
therefore more likely to have existing exploits.

But these institutions have proven that they should not be trusted and no
amount of PR should change that for prudent individuals or companies.

------
gesman
That's putting the cart before the horse.

The first step would be for Government to Announce Steps to Restore Confidence
in Government.

------
quizzas
"Fool me once, shame on you; fool me twice, shame on me." People honestly believe
the government can be fully transparent? The way they set up the FISA court
is a clear indicator of its intentions from the get go.

------
notatoad
Does the government plan to announce steps to restore confidence in the
government? Because at this point, that's more important to me than their plan
for anything else.

------
ianstallings
Sign up now for the _official_ Dog and Pony Show: Restoring Confidence To Our
Dogs and Ponies.

------
snarfy
> "... N.I.S.T. is also required by statute to consult with the N.S.A."

That statute needs to be removed.

------
Zoomla
Under some secret order, they are thinking the opposite.

------
forgotAgain
What big eyes you have grandma.

------
gcatalfamo
NYT lost THIS much credibility together with the US govt altogether.

