Hacker News new | past | comments | ask | show | jobs | submit login
Government Announces Steps to Restore Confidence on Encryption Standards (bits.blogs.nytimes.com)
222 points by misiti3780 on Sept 11, 2013 | hide | past | web | favorite | 129 comments

This got my heart beating. There is actual rebellion among academics, and a movement to restore trust in both people and tech. This is the NY Times quoting Matt Green of John Hopkins in the article:

“I know from firsthand communications that a number of people at N.I.S.T. feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an interview Tuesday.

Thats pretty strong sentiment. Seems to echo the bitterness of Rogaway: http://www.cs.ucdavis.edu/~rogaway/politics/surveillance.pdf

This is an important question of our times, and the cryptography experts should speak up like this. They have the credibility, and the ear of the people and media.

Yes, Prof. Green posted a critical post about the NSA, and then JHU asked him to remove the post from their servers[1]. I'm stunned; academic freedom is evidently an illusion in some parts of the US.

How deeply have our academic institutions been co-opted by the intelligence community?

1. JHU then had a dean apologize, but it was almost certainly only a reaction to the negative publicity that ensued: https://twitter.com/matthew_d_green/status/37712085467858534



The apology was also removed.

With the NSA committing industrial espionage and able to do insider trading in order to fund its operations off the books I am sure they can also most generously "donate" money to Universities.

There's also the CIA Officer in Residence program, which I actually think is great because you get to meet people with IC experience who can point you in the direction of all sorts of cool unclassified tech.

And of course the quickly retracted notices not to read the Wikileaks cables if we ever wanted a security clearance that went out to all the Ivies, which were not so great. I believe Columbia was even stupid enough to email instructions to their students not to read vital source material if it came from Wikileaks.

“I know from firsthand communications that a number of people at N.I.S.T. feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an interview Tuesday.

That's the understatement of the century. NIST is pissed off. Many of these guys move fluidly back and forth from NSA, and clearly they were kept in the dark.

Let's see how they dramatically improve the process then. I hope they don't think statements like "we didn't do it, trust us" are enough.

But it's probably best to just forget about NIST and start from scratch with a new standards body with zero influence from the government - any government(how it should be).

They can't fix it. As the article noted, they are required by law to consult with the NSA. While the NSA is an expert on cryptography, they are obviously (and were, obviously, at the time that law was written) conflicted. That the law says that NIST has to consult with the NSA means that the law-writers, our government, want NIST to allow NSA to weaken cryptography standards. This is not conspiracy-thinking, anyone who thought through the consequences of this law would see that this is what the NSA would try to do.

Why would the cryptography community ever again cooperate with NIST while the requirement to consult with the NSA is in place? It's not a question of feeling betrayed, it's simply irrational to try to create a strong cryptography standard when the NSA is in the room. They can do that work outside of NIST.

Almost by definition, a standards organization would have some form of government (lowercase g) running it. What would you suggest as an alternative? Wikistandards? Even a wiki has government.

I don't see the utility in using "government" to mean something other than "the state". We have other words that can work just as well without introducing confusion about the intent of the speaker.

That's "governance", not "lower-case-g-government"

Nitpicking but why understatement? Feeling betrayed sounds more serious that just pissed off.

The actual words I wanted to use wouldn't be appropriate in daily conversation. The most accurate substitutes would be incensed, enraged, livid.

"Feeling betrayed" implies skulking about with a sad expression. In reality, from what I hear, I imagine it's more like senior NIST officials roaming the halls at Fort Meade looking for somebody at whom to scream strings of obscenities.

Just semantics- 'feeling betrayed' is passive; 'are pissed off' is active. Probable reality- the betrayal has pissed them off.

"Many of these guys move fluidly back and forth from NSA..."

This isn't regarded as a problem?

Part of the NSA's job is securing the United States cyber infrastructure, and the people tasked in that job take it just as seriously as the collection part. They sponsored SELinux, and their security guides are quite good:


If I remember correctly back in beginning of 1990s there was a discussion in the US about preventing export of encryption protocols, then it was a discussion about making laws where a suspect is obliged to give up his/her key just like in the UK to agencies, and someone even mentioned making encryption unavailable or forbidden by law for civilians. All in the name of "we wont be able to catch criminals if we cant listen in on communications". Up to that point in time, encryption and secure communications was reserved for agencies and those in power, it was not for the plebians. See for example how it went for PGP.

I guess a route that US agencies took is to "we will recommend good standards for you, because you know we also need security, but you shouldnt know all those standards and implementations will be compromised so we still retain the ability to spy on you while you wont be able to spy on us and if you do then you're a traitor".

The export related discussion you remember was the _end_ of that programme.


This is a procedural, not technical problem. It almost seems like the standardisation process open to everyone just enables everyone to insert their own backdoors into the standard.

One interesting way to solve the problem would be to allow differenct mutually hostile entities to define their own standards (US, Russia, China, FSF, Pirate Bay, whoever) and then encrypt using all of them.

That way, even if there is backdoor in each protocol, the only way to decrypt would be all those disparate players to cooperate. It would be like a vault with multiple keys possesed by different people.

Sounds ideal, until you realize that building and operating proper encryption is too hard for some of these organizations (PirateBay, FSF). For the rest, they are only mutually hostile on the surface. I am sure when it suits them they will get together and sell all our asses to each other.

You mean like Obama giving a tool to read his email to Putin? Unlikely IMO.

More generally, something along the lines of: "You give us Snowden/limit his asylum claims/etc etc, and we give you favourable trade terms".

Or maybe we work out a deal over Syria.


  echo hello | crypt -usa | crypt -russia | crypt -china

True, but Russia, China and the US all have a shared interest in working (together?) against Islamic rebels/separatists/militants/terrorists, so they may well cooperate more than you might at first suspect. If you could get some Islamic militants to (develop?) contribute a cryptosystem, then you would be more convincing.

It's arguable that their interest is to fight against "Islamic rebels/separatists/militants/terrorists".

One might say that they instead have a political and economical agenda disguised as war against terror.

If so, they would certainly have conflicts of interest, at least at some point.

One could argue that at least mass-surveilance would be much more difficult to pull off... But I am afraid that the governments would start cooperating (in 1984 style).

Oh god, not again with the "war on terror".

Iran should be able to do that.

I think something like W3C would be better.

W3C or IETF are open by their nature. Thus, there can be multiple backdoors inserted by multiple parties. So if you use multiple such standards to encrypr, it may happen that there's an entity that has backdoor in all of them.

A standard from NSA, on the other hand, is guaranteed to have exactly one backdoor. Same goes for KGB etc.

Thats an interesting concept, I wonder if Russia and China have their own standards/protocols to use?

I guess we could get the same effect by encrypting using 3DES, then AES, then blowfish, twofish and then RC4.

OpenSSL supports these Russian GOST standards:

* md_gost94 message digest algorithm

* gost89 symmetric encryption algorithm with 256 bit key

* gost94 public key algorithm with 1024 bit public key

* gost94cp public key algorithm with 1024 bit public key (CP mode1)

* gost2001 public key algorithm based on elliptic curves with 512 bit public key

* gost2001cp public key algorithm based on elliptic curves with 512 bit public key (CP mode1)

Should I make a simple script to use gnutls to encrypt a file with AES then openssl using gost89, then 3des ?

Why not? Seems like fun.

> I guess we could get the same effect by encrypting using 3DES, then AES, then blowfish, twofish and then RC4.

TrueCrypt supports cascaded encryption in XTS mode, see [0]. AES-Twofish-Serpent, combined with a decent password and Whirlpool hash algorithm (it is used for HMAC and for mixing the RNG) should be pretty secure, IMO. Anyhow, we don't have plenty of really good and checked publicly available alternatives for symmetric encryption.

[0] http://www.truecrypt.org/docs/cascades

Counterintuitively, sequentially applying additional crypto doesn't necessarily improve security; in theory, it may actually damage it.

If the keys used for each cipher are independent it should not weaken security. See section 15.7 of Applied Cryptography (http://www.cse.iitk.ac.in/users/anuag/crypto.pdf).

Any pointer to explanation of the phenomenon?

None of this helps you if the random number generated that created your key is compromised.

Even if you use different random number generators?

I suppose you could, yes. If you wanted to make all this happen algorithmically you'd end up with a super-sized key that was a concatenation of all the keys you generated for each of the sub-algorithms, where the sub-algorithms would each consume their respective key chunks.

You don't have to concatenate your keys, simply XORing the random bitstreams together works fine (my intuition says that XORing them would provide a stronger result).

The weird bit is the NYT did it on their own website instead of Ars. It's also super classy of Ars to cite a second report by the NYT then link to their own summary of that article too!


Mike Masnick calls it a complete non-response from NIST, regarding the real issue/accusation:


When was Mike Masnick last happy about anything?

The original NYT article was submitted, but barely upvoted.


now the original link was changes to NYTimes anyway

When I saw 'new details' (edit: this was referring to an old title), I was hoping that the backdoor in Dual_EC_DRBG was either confirmed or denied ... in reality, there's not much new here. The NYT confirmed that their previous article was talking about Dual_EC_DRBG, but that's what everyone (edit: in the cryptography community) expected anyway [1].

We still don't know the exact story behind Dual_EC_DRBG. Maybe the NSA carefully crafted the DRBG to contain a backdoor that they knew from the outset. Maybe they didn't notice the backdoor until later (perhaps after cryptographers pointed it out) but ended up discovering the 'key' that allows you to predict the stream, completely breaking the DRBG (this is very unlikely, however). Or maybe they're no better off than the general public.

Annoyingly, there are no concrete details. Internal memos "appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency". In the latest NYT article, the internal memos "suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard". (What "generated" really means here is beyond me; obviously the constants were generated somehow. The question is whether or not they were generated with malicious intent. Is the 'generated' part quoted/paraphrased from the memos?)

Now I'm not saying that the NSA didn't have some malicious intent with Dual_EC_DRBG. But we have a stunning lack of any evidence. Internal memos 'appear to confirm' and 'suggest', but the bits provided from them are... lacking. Things certainly seem fishy, but we don't even know the context of the quotes.

I don't know. It certainly wouldn't surprise me if Dual_EC_DRBG was engineered to have a backdoor, but all of the articles I've read seem to carefully use weasel words when talking about it.

[1] http://crypto.stackexchange.com/a/10258/2454

> that's what everyone expected anyway

This one sentence is a _remarkably easy way_ to kill a story for the 99.9% of the world who this is news for.

"Everyone" indeed.

I suppose that was a bit presumptuous of me. My apologies.

The whole spiel has made several rounds on HN, though [1], and Ars reported again on the matter about a week ago [2]. But I do acknowledge that doesn't necessarily mean much... not everyone has the time (or the inclination!) to follow such matters.

[1] https://www.hnsearch.com/search#request/all&q=dual_ec_drbg&s...

[2] http://arstechnica.com/security/2013/09/the-nsas-work-to-mak...

"The whole spiel has made several rounds on HN, though [1]"

If you look at this discussions, HN commenters were very skeptical this was an NSA backdoor. The speculative possibility isn't news; the fact very much is.


That's the thing, though: this article doesn't say that the NSA did generate the Dual_EC_DRBG constants with a backdoor in mind. It just says that internal memos suggest and appear to confirm that they did.

That is, the article isn't really anything new.

Yes, news to me and that it's reported by the New York Times no less, albeit on a blog, makes it less of a conspiracy theory and less controvertible. I'd say it's more like this is news to 99.99999%

Kind of shocking, N.I.S.T and the C.S.E with their pants down.

This is news to me.

Before reading this, bear in mind, you wont find many more critical of government than me....That said I have to ask the following:

How can any government accept a situation where communications are so secure that none of their agencies can break it? Essentially law enforcement do need to investigate crime. That has to be right and good for all. Even this anarchist accepts this.

Such a situation is fine for "us", and great for government, in that it means they them selves can communicate with confidence. But to expect government to accept a situation where there is zero way they can snoop or investigate is asking a lot. Its a huge risk to government. So, I think we have to forget that idea completely, as attractive as it is to the likes of me.

As others have said, its procedural or legal, not technical. What is needed is a rock solid frame work and set of rules that properly limit how the snooping is done. What is needed is a universal bill of online or electronic rights. Not just for the USA, but something that can apply to any country and government. I'd suggest it should be developed by an international group, UN backed, and made part of being a member. Or could it be something that has to be agreed to as part of acquiring IP addresses or domain names. Dunno, but tie it in some how.

Ok, I'm not sure that works totally as I have set it out, Im no lawyer, and others may well want to modify it, but we need something international as the internet is international. We all need protection, not just Americans. We need a base level to work from. Something we can all accept as reasonable, workable and enforceable. Most of all, we need confidence in using communications and those regulating it.

"How can any government accept a situation where communications are so secure that none of their agencies can break it?"

In my opinion, the 4th amendment says the government needs a good reason and a warrant, and then we all agree they can read my gmail. We don't have to agree they can store, search, and use everyone's gmail for fighting crime, terrorism, or gaining economic advantage over other nations.

Forget international committees. Smash the hard drives with my phone data in them that spooks can read at will.

Even if they have a warrant, they can't read a well-encrypted email. What do they do then?

They put you in prison until you hand over the keys. In the UK this is under RIPA. In the US there's probably some law they can kludge to fit - contempt of court or some-such.

What happens in situations like this if you use a hidden volume within an encrypted file using something like Truecrypt, which allows plausible deniability? You've supplied the "password" but the real meaty stuff is still hidden away...


Hidden volumes are often done wrong and trivially easy for 'them' to find.

Under UK law the rule isn't to hand over the keys so they can decrypt the ciphertext, but to make the plaintext available.

Yes, I understand that, but if you have 2 passwords, each of which unlocks different plaintext within your encrypted conatainer, then theoretically you could never be found out... (but as you saying, assuming the implementation is correct)

The get a warrant to put a key logger on your machine and get it that way.

> How can any government accept a situation where communications are so secure that none of their agencies can break it?

In a democracy? A system in which (at least in principle) the government is supposed to obey the laws and serve the needs of the people?

> Essentially law enforcement do need to investigate crime.

That logically breaks down to two questions: (1) Can the government listen in on anything it wants, and (2) does the government have that right? I won't presume to offer practical answers, but from a legal and constitutional standpoint, the answers are maybe and no.

> Even this anarchist accepts this.

An anarchist who accepts the government's right to listen in on anything ... isn't an anarchist. An anarchist who assumes that the government is doing that ... is a realist.

> How can any government accept a situation where communications are so secure that none of their agencies can break it?

The way they accept every other fact of life that they cannot change.

The genie is out of the bottle now. Strong encryption exists; government cannot break it, and "bad actors" will use it. Law enforcement do need to investigate crime, but they need to do it in the real world not in the world of make believe. If that means they have to go back to older, harder investigative methods then life will go on.

The "alternative" that our governments seem to have chosen is unconscionable... They break their own laws, forsake their own principles and corral their own people into virtual concentration camps.

In their desperation they have seized total control, and then "restrained themselves" to simulate the capabilities they might have had in the good old days. Their self-restraint is admirable, but our societies are founded on law and democracy, not built on trust in the good natures of absolute rulers.

I like your thoughts because they pay respect to the fact that (current) governments are NOT foundationally correct entities. They are socially-constructed approximations of justice which aid our human existence, but are not fundamentally infallible as, say, the laws of physics.

Government should be a last-ditch effort to maintain the long-term survivability of our species.... However, so many people (cough Apple) treat laws as a list of the most disrespectful circumstances and violent actions they can do without repercussions.

We can deny the existence of strong crypto no more than we can deny the existence of Plutonium. Any government that can't regulate around that has no justification for our support and any population that can't survive the gifts of Prometheus has no justification for survival.

If we're to levitate above the point we're at now (compromised security, virtual concentration camps, etc.), we've got to develop our culture such that there is no incentive to use strong crypto for gain. We've got to stop pushing ourselves into such dense living quarters. We've got to further lower our reproduction rate. We've got to stop buying into celebrity and corporate culture....

> How can any government accept a situation where communications are so secure that none of their agencies can break it?

Does the government accept situation where it cannot read your own thoughts? How is that different?

You could make the same argument about crime fighting here. If we could read thoughts, well, then there would be no unsolvable crime really. But is it desirable?

So, no, even anarchists won't agree (neither me, and I am not an anarchist). The privacy comes to moral consideration too. Secret communication has no effect on the real world unless the people communicating actually act. Just like thoughts have no effect on the real world, unless you act. That's why we don't punish thoughts, but acts, and by that extension, we shouldn't punish communication, just acting based on that communication. Since these acts take place in the real world, criminal investigation is not obstructed.

Edit: Maybe a clarification. You could make an argument that if you don't know communication between people, then it's harder to convict a specific person rather than just the group. But the same is true for private communication (it was always a problem, even before electronic communications), and is also true for communication between neurons (we cannot be sure if person acted willingly or is a psychiatric case).

Huh? There are lots of limitations on the power of government (and law enforcement). Why is it "asking a lot" for them to accept that?

I have absolutely no interest in forgetting the idea of secure communications just because governments won't like it.

I find it peculiar to see someone call themselves an anarchist yet accept this - unless you're a Proudhonist or other particularly esoteric pre-Bakunin kind that have been out of fashion since the 1870's...

A key feature of anarchism all the way back to when Bakunin was expelled from the first International by Marx over the issue of state authority has explicitly been the rapid destruction of the state as a critical element exactly because of the opportunity for oppression that lies inherent in the state. This is pretty much the dividing line between anarchism and marxist socialism/communism (the marxist standpoint is that a large scale working class uprising would enable the transformation of the state from a tool of oppression by the upper classes against the working class to a temporary tool of oppression by the working class against the upper classes, becoming obsolete as the working class subsumes the previously privileged classes), and also one of the major distinguishing features between anarchism and the various form of liberalism (in the classical sense, not the modern US sense) and libertarianism

The point being that the government does not serve you. It may quite regularly do things that overlap with your interests, but your influence on your government is disproportionally small in any situation where economic power buys you more attention from legislators per head than a vote does.

In that kind of situation, something that makes the government afraid is not something we should forget, but something to embrace and expand to help redress the balance.

Yes, it also helps 'the bad guys'. So does envelopes on your mail, the ability to freely lock your door and expect the police not to wander it at their leisure, or the ability to walk down the street without an id number stamped to your forehead. It would make things a lot easier for law enforcement if we all lived in prison already. Obviously we do not accept these things - it is not enough for something to benefit law enforcement for us to accept it.

> But to expect government to accept a situation where there is zero way they can snoop or investigate is asking a lot.

I see noone expecting government to accept such a situation, and even flawless information security for your communications does not create such a situation. You are setting up a strawman with this sentence.

> What is needed is a rock solid frame work and set of rules that properly limit how the snooping is done.

Rules don't stop people from doing something when the ability to monitor that they are actually complying is nearly non-existent.

> I'd suggest it should be developed by an international group, UN backed, and made part of being a member.

This is a very naive view of how the UN works. The very point of the UN is that it is inclusive - you don't exclude even the worst dictators because then you shut down communication. The upside is that this means there is a forum to make agreements amongst pretty much all the governments of the world. The downside is that you have to deal with these governments even when drafting agreements where "the good guys", if you can even come up with a cohesive list of who they would be, all agree to principles that would substantially improve things. Yes, it is infuriating whenever some dictatorship effectively shuts down some initiative, but it is the reality we have to live in as long as these regimes exist.

In other words, the UN will not do something like this because it goes directly counter to the interests of the governments of a large number of UN countries. And without substantial political upheaval it also goes counter to the interests of the governments of many democratic countries whose populations might prefer much stricter rules.

> Or could it be something that has to be agreed to as part of acquiring IP addresses or domain names. Dunno, but tie it in some how.

The current system for allocation of IP addresses and domain names only works because everyone voluntarily defers to the respective authorities. Even then, nothing but technical skills stops you, your grandma, or your government from setting up its own DNS roots, and nothing stops your ISP or your government from changing routing tables and allocate its own addresses.

They don't because it would break a lot of things, and because the current processes are sufficiently apolitical to not give them a reason to. If that changed, the internet would break into islands where not all parts can talk to all other parts without intermediaries.

This is why nobody has force the issue of tieing non-technical requirements to allocations of IP addresses or domains any more than it is in anyones interest to, say, withhold a country code for phone numbers from a dictatorship.

Great points. I am not an anarchist in theory, but I agree with many of your points on a practical level. Balance of power is critical to maintaining a fair society, which was obviously violated by the NSA's actions, insofar as their power to misuse their information advantage was not appropriately constrained. Please forgive my ignorance on the matter, but what claims have been made regarding innapropriate actions taken based on the NSA's surveillance programs? Inappropriate meaning "decreasing fairness of outcomes in a real sense", not based on the theoretical potential for abuse of an asymmetric information advantage.

I'm a thoroughly pragmatic person. I share all of your concerns about abuse of power (which I see very real cases of everywhere). Yet something in my core believes the ultimate theoretical good may not be ultimate secrecy, but no secrets at all. (Yes, I realize the best path there is not a straight line, if there even exists a practical path).

An honest question for anyone who is passionate about secrecy/anonymity: is it something you inherently value or do you value it because you don't trust other parties to not misuse it? Hypothetically, if that were not possible because their abuse would also be known and they would be held accountable, would that alleviate your concerns?

Your augment makes sense, but somehow you're missing the idea that the government has infinite ways to investigate someone outside of breaking encrypted communication. They actually have people who can break into buildings and install keyloggers, or audio bugs, or interview witnesses, or anything you can imagine.

His argument doesn't make sense because it misses the fact that a government is supposed to represent the people, and therefore it should accept the will of the people.

Thank you for posting that. When the government has indiscriminately turned its power against the people it is supposed to protect, then it is working to some other end and for some other interest.

"How can any government accept a situation where communications are so secure that none of their agencies can break it?"

Their friends in the business community can rest assured that foreign competitors, criminals, etc. are not able to eavesdrop on their communications. Spies in foreign countries could use a strong cipher without raising any suspicions. These arguments were made in the 90s you know.

"Essentially law enforcement do need to investigate crime."

Only to a point. If the only evidence of a crime is the plaintext of some encrypted message -- no physical evidence, no witnesses, etc. -- then the benefits of strong cryptography vastly outweigh whatever problem there is with letting the crime go unpunished.

> How can any government accept a situation where communications are so secure that none of their agencies can break it?

Chief George Earle: Sensors all over the city can zero in on anyone at any time. I can't even conceive of what police officers did before it was developed.

John Spartan: We worked. This fascist crap makes me want to puke.

I'm currently living in Canada, and for a while people would say "Oh, you're from the London UK, I heard they have mass surveillance there and more cameras than people[1]". The worst to judge were Americans I met.

Well, it seems those manually watched cameras were the least of our worries.

[1] http://www.theguardian.com/uk/2011/mar/02/cctv-cameras-watch...

Alan, Is it OK for government only to have the means to do targeted surveillance while dragnet surveillance is not possible? It seems technically possible(probably, that's where blackberry is at. There are a few technical means that might achieve that[1]) and it does fit needing to issue a warrant to do so.

Btw such a strong and capable regulatory framework that is always on, seems useful in regulating corporations and politicians, and if exists it should scare the hell out of them. I could see why they prefer it this way, with. Surveillance staying hidden in the shadows.

[1]one way to do this is strong encryption but medium endpoint security.

This is not just about communications, though, is it? It is about authentication and control over our the machines that help us to run our lives. If you can break my cryptography, you are (in essence) the real owner of every single network-connected digital-electronic device that I have. Which increasingly means all of them. It feels (to me) more akin to theft than dirty-tom peeping.

> How can any government accept a situation where communications are so secure that none of their agencies can break it?

A government by and for the people accepts it because the people accept it.

What a government _is_, of course, a philosophical question. The American Constitution treats government as an agreement among people, and structures that agreement to withhold particular powers from that agreement.

It does _not_ withhold these powers in recognition of some divine grant or innate possession of 'rights', but because it anticipates these powers make the government dangerous to the people governed. Given those powers, the people in government would inevitably abuse them, and would over time evolve into a faction or class to themselves, striving to retain control of the government for their own purposes and to the neglect of the people's.

A government that can consistently and without consequence exceed the powers allotted to it by the people governed will inevitably become an aristocracy, and a tyranny, unless those excesses are checked.

(There are other visions of what a government is. vidarh's comment on this subthread is the best account of anarchism I've read -- really smart -- saying that government is necessarily a class instrument that ought to be weakened or destroyed because it inevitably serves the strong economic interest.)

Of course, those limits make it harder for the government to pursue the people's interests. But the point is that those short-term deficiencies are a wise trade over the long-term, over which an unbounded government would transform into tyranny.

Surely the government can do a better job preventing the next 9/11 bombing if it has all these surveillance powers. But I'm not nearly as worried about such bombings as I am about how the government has already transformed beyond our control, and how much further it could go. I am very sure that 99.99% of us opposed to political terrorism can defeat the 0.01% using it, even while we tie our own hands in some ways for our own long-term protection. It's true that the technology of WMD have increased the potential leverage and destructiveness of that 0.01%. It's also true that we haven't hardly started thinking about how we, as a society, meet and check that expanded threat. I'm confident we'll figure it out. And even if we don't, the possibilities of that violent minority aren't nearly so dangerous or likely as those of an unchecked government.

So how can any government accept such limits? Because it is _us_, and we recognize that those limits best ensure our safety and that of our kids.

I wonder what % of posts in threads covering these topics are astroturf.


How can you expect a government to accept a situation where it cannot compel a criminal suspect to provide evidence against himself?

Why not use ISO, they are doing a fine job on the C standard without the help of NIST.

It's too fucking late. Government, we don't trust you anymore. You're not a part of us. For once, I'm ashamed of being an American.

Depends what you define as being "an American".. Glenn Greenwald, the main journalist publishing the leaks, asserts his US citizenship and his American identity as the ultimate impetus behind his acts -- his belief in the American Constitution and the rights of American citizens

American, Schmerican. What we have here is a group of nationalistic government-employed hominids enforcing their paranoia upon the rest of their species. Justice shouldn't wave flags.

America's conscience.

In exile in Brazil.

We should remember his exact reason for being in Brazil in the first place, which he outlines here [1]; he would no doubt be moving to the US as we type if it weren't for the NSA stories

[1] http://ggsidedocs.blogspot.com.br/2013/01/frequently-told-li...

Sure, Greenwald moved to Brazil because of one US policy and now stays there because of another. But also, Snowden quite likely contacted Greenwald because he was a well known US journalist of high principles who wasn't located in the US. So there you are.

Can you imagine the guy actually living in the USA? He would be annihilated by now.

That's hugely speculative. Just because his car's brakes might fail, it doesn't mean it wasn't an accident.

Yes, the police said he fell down an elevator shaft. Onto some bullets.

Well, that's silly. All of our "Freedom!"-loving allies seem to be in on this. UK, Australia, Sweden, etc. This article mentions that the standards process was being run by Canada, and the Canadians were "finessed" by the NSA. Canada? Really?

And, of course, the non-"Freedom!" countries do this also.

The only difference between the US and all the other countries is the amount of smarts, work, and money the US is putting into subverting privacy. Some of the other countries just seem to be along for the ride.

Of course, as Warren Buffet once said, "You’re looking for three things in a person: intelligence, energy, and integrity. And if they don’t have the last one, don’t even bother with the first two." Because if they don't have integrity, the last thing you want is for them to be smart and driven.

You notice that France, our Oldest Ally, is not on the list.

Probably because they're not team players and are doing all this stuff themselves.

Agreed. Let's face it, NIST and CMVP have been shoving EC-DRBG down everyone's throats for years. This is in spite of the whole conspiracy around EC-DRBG being achingly old.

There is no new information, no fresh concerns. Anyone remotely connected to cryptography has been suspect of EC-DRBG for years. The only thing that has changed is that the main stream media has picked this up.

"Very well, if that is the way the winds are blowing, let no one say I don't also blow." - Mayor Quimby October, 1994.

I suspect that NIST is just another government organization trying to do their jobs, and I don't think it's fair that their name got dragged through the mud. The truth is that the NSA practically co-opted NIST's decision-making strategy. I have confidence in NIST. Sadly, I don't have confidence in the NSA to not muddy up the process.

I'm not sure you can separate those. If NIST is being systematically interfered with by the NSA, how can you have confidence in them?

+1 I don't get it, don't they get paid at NIST? Do they have moral values and ethics? Or it's okay to say "Hey NSA pressed us really hard to backdoor you all. So yes we did it, but we didn't really want to", they are not judged for their initial intentions, they are judged for their wrongdoings. The NSA could say that (was said many times actually) the data retention in the end of the day is to protect America against terrorism. Problem is no one believes them.

You seem to be assuming there's something NIST could have done about it. Based on what I've read, that doesn't seem to be the case. It seems like the NSA squeezed everyone else out so that they were the only ones calling the shots.

Apologies for turning to semantics, but I think the confusion is over what "confidence in" means. I think you mean something closer to "respect for". I'm not sure I agree, but I'm not well enough informed to argue the point. Generally, having confidence in something means that you think there's a high probability it will deliver good results, for whatever value "good results" has in that context (e.g. having confidence in a sports team is believing that they'll win). The purpose of NIST isn't to try to do the right thing, or to be competent, or any of that; it's to create good technologic standards. If you're skeptical that they can do that effectively job effectively, regardless of why, then you're not confident in them.

To clarify all that, I'm not arguing your point as I now understand it; I'm just suggesting why you've found some opposition to it as you stated it.

The cynic in me says "of course they want us to trust their flawed encryption standards, otherwise there's no point back-dooring them in the first place." I suspect, however, that this has more to do with high-profile businesses complaining about the damage that's been done to them in the last few weeks.

With RC4 being used to mitigate beast, we need a solution soon for the web, because RC4 is falling apart http://www.isg.rhul.ac.uk/tls/

Clients mitigate BEAST. RC4 is only a stopgap for ancient clients that don't have BEAST workarounds.

There is a solution, TLS 1.1 and 1.2. Because of slow server-side adoption, clients will have to keep supporting TLS 1.0 for quite a while. Because clients can't drop support for TLS 1.0, there's no strong incentive for server administrators to ensure their servers support TLS 1.1 and 1.2.

Want to know how to get a secure encryption standard? Do not develop it with the government involved, especially not the US government.

That doesn't ensure a lack of foul play. Even none government-employed developers could be turned into "agents" to insert code. Whether they're bought off or even just have strong patriotic motivations to begin with, you still need a stricter review process to ensure that no one country nor organisation has significant input nor control over the code.

That's true. But if you've not got a player on the table you're obliged to listen to because their vote overrides everybody elses, they can't shoot down things they don't like as easily.

"N.I.S.T. attributed the allegations to confusion and noted that it was required, by statute, to consult with the N.S.A."

I think they'll find it is difficult to "restore confidence" if they are required to "consult" with those responsible for the lack of confidence.

At least, I hope so. Whitewash and time are marvelous.

Every standards body that is even remotely financed by governments or companies is a lie. (http://www.ecma-international.org/publications/standards/Ecm...)

Committees rulings are a lie. (http://www.textbookleague.org/103feyn.htm)

Even the most seemingly reasonable regulations are a lie. (http://www.amazon.com/The-Truth-About-Drug-Companies/dp/0375...)

The sooner people realize there's no other option other than a direct democracy since governments and companies are untrustworthy, the better.

Who gets to vote in a direct democracy? My parents don't know anything cryptography, and are likely to base their decision on others, or even worse, a news source.

Right there, our parents outnumber us 2:1. Why should I trust the rest of America, who largely gets their information from media companies designed to optimize for ratings, on matters pertaining to cryptography?

Indeed, it would not be long before the press makes the case that 0% tax for media would be awesome for everybody. "There would be no commercials!", "Think of the children, we can make quality programs with more cash!" etc. etc.

Direct democracy is not a solution. The solution is the thing we're doing now. The system works in the sense that we're righting it by having this kerfuffle about the secrecy. And something will change, and then the issue will be forgotten for awhile and the story will repeat.

NIST should break ties with the NSA.

That's probably not possible/going to happen but that's what would happen with any other organisation severely breaching confidence like this.

Those are, however, the sort of big actions they need to show to have a chance at regaining trust.

You lost me at:

"Government Announces Steps to Restore Confidence"

Trust is a fickle thing, but one thing that I have learned is that one vital element to building trust is to refrain from announcing your intention of doing so. Even having a "plan to build trust" is questionable - if you need to make such a plan, most likely you have already lost any chance of succeeding.

People must build trust entirely by themselves. If they don't build it themselves, it's not trust. It's persuasion.

And the willingness to be persuaded has been eliminated rather thoroughly, lately.

This is classic case of moving targets. There is what is politically feasible at any given moment and what is needed - when they do not overlap.

The moment the needed becomes feasible the new thing needed to calm stuff down becomes politically impossible because the situation has worsened a lot. Typical case was the Euro crisis of 2009-2011.

The USG is caught in weird position right now. The NSA story would have been easy to defuse in June with few bold steps. Now they seem inadequate. And we have a weak presidency and gridlocked congress. And the real fun is Putin just made the rift between them even bigger with a very good diplomatic move. So they cannot move together again to fix the NSA situation for a long time.

It's morning here and I (not literally) spit my coffee reading those same words

Golf clap, anyone? Anyone?

This is a huge confidence builder. Huge.

Too little, too late.

This is like a criminal promising he won't do it again, but only AFTER been caught and having the entire town surround him with pitchforks.

What this is, is basically an admission, isn't it? They've gone beyond denial to mitigation now.

I hate all this NSA spying but they do have a point - if they cant read the communications of the bad guys, how are they supposed to catch them before it's too late. Isn't there a way to accomplish both objectives of security and preserving constitutional freedoms?

Yes but it relies on an informed electorate holding mostly honest elected officials to account while said officials hold the tools of state to account.

In other words no.

The justice dept caught a bunch of mafiosos without violating the rights of everyone else. Why? Because judges oversaw the handing out of search and wire-tapping warrants. A balance was found between security and liberty. Unfortunately, what is happening now is that we are lead to believe it is one or the other. And it's made worse when the debate gets trapped in the "right vs left", "conservative vs liberal" context.

Seems to me that the judicial system needs to get more involved in this. Congressional oversight of NSA, TSA, DOD, etc has not really worked.

There is also a role for technology to play. Out of millions of calls, billions of emails, how do you flag that one bad guy? The implicit assumption in such a problem is that you collect the data on everyone so that you can look for patterns of bad guy behavior. But is there another way?

This seems to prove that NIST and similar institutions and their standards should not be trusted or taken seriously in regards to security if that is your primary concern.

Anyway anything standardized is going to be relatively well known and therefore more likely to have existing exploits.

But these institutions have proven that they should not be trusted and no amount of PR should change that for prudent individuals or companies.

That's putting the cart before the horse.

The first step would be for Government to Announce Steps to Restore Confidence in Government.

"Fool me once shame on you, fool me twice shame on me" People honestly believe the government can be fully transparent ? The way they set up the FISA court is a clear indicator of its intentions from the get go.

Does the government plan to announce steps to restore confidence in the government? because at this point, that's more important to me than their plan for anything else.

Sign up now for the official Dog and Pony Show: Restoring Confidence To Our Dogs and Ponies.

> ... N.I.S.T. is also required by statute to consult with the N.S.A.”

That statute needs to be removed.

under some secret order, they are thinking the oposite

What big eyes you have grandma.

NYT lost THIS much credibility together with the US govt altogether.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact