
Well, that is a bit uninformed. Military grade (at least in the US context) means algorithms and implementations analyzed and approved for use by the NSA. Today this means 'Suite B' crypto like AES, RSA, ECDH, etc. It should also mean dedicated hardware or certified implementations, physical key fill, etc. However, the words 'military grade' are frequently abused by sales to mean a badly performing variable-time noise-spewing implementation of AES.

In days past the 'commercial grade' crypto was often not real crypto, like voice scramblers, using 40-bit DES (when govt was using Triple-DES), XORing against a non-cryptographic PRNG keystream repeatedly, all sorts of rubbish.




That is mostly what I meant. Military-grade means approved by NSA or its equivalent in a given state. What I tried to point out is that such approval does not necessarily mean that such a cryptosystem is secure for your application (e.g. various tactical radio encryption systems, "military DRM"...) or even secure and meaningful at all ("data diode", various NATO TS approved quantum cryptography things...).



