> Mankind barely noticed when the concept of massively organized information quietly emerged to become a means of social control, a weapon of war, and a roadmap for group destruction.
From IBM and the Holocaust by Edwin Black.
Imagine the "massively organized information" that will be available to people in power in the future. It doesn't have to be a genocide for it to be useful to them. People in power today are fully on board with "social control" and it's so uncontroversial that they talk about it openly.
> and doing what they did with Dual-EC, where it was impossible (apparently) for people to reason about what NSA was up to.
Schneier was clearly able to reason about what NSA was up to, and told everyone in 2007 not to use Dual-EC, 6 years before the Snowden revelations.
I believe you have admitted that you thought that “Dual-EC has a backdoor” was a wild conspiracy theory until the Snowden revelations? Which makes the “impossible (apparently)” part a classic case of projection.
(I thought nobody should use Dual EC! But that was my reason for thinking it wasn't an NSA backdoor, because it was too dumb to be one. I underestimated the industry's capacity for "dumb". Also: I was dumb! I am dumb a lot.)
NIST didn’t design Dual-EC, NSA did. But NIST did the really hard work, which involved slapping their organization’s name on it, and not asking any inconvenient questions.
Thankfully we found a better way that ensures cryptographic security, which is to get former NSA interns to write the PQC standards, instead of proper NSA employees.
As a shorthand for this site, I'm not distinguishing between the two organizations. Which former NSA interns are you talking about? You can get their names from the pq-crystals.org site. Which one should we not be trusting?
A wonderful question that exposes me to legal action if I answer.
A better question: why do you think so many of your cryptographic feline friendz were so excited about isogenies for the past decade? Where do you think they all obtained that identical enthusiasm from? Why do you think SIKE made it so far in the contest and only got eliminated through luck?
Your theory here is that NSA coordinated an action whereby the PQC standard selected could be broken by anybody in the world with a Python script, based on research disclosed to the public in the 1990s.
I'm guessing this isn't a conversation that's going to take us into Richelot isogenies.
You obviously know that the Python script wasn’t submitted to NIST along with the draft standard.
Is Dual-EC-DRBG fine because we never saw the FVEY Python exploit that breaks it?
I think my theory here is that NSA coordinated an action whereby they figured no one was reading obscure algebraic geometry papers from 1997. In our low-attention-span world, it’s not the worst plan.
(Hell, folks didn’t realize TAOSSA contained 0day for a long time. Simply putting something in front of the public doesn’t mean they’ll read or comprehend it.)
It is literally the worst plan, because it leaves every PQC-protected system in the world exposed to everybody in the world. It's a theory that depends on NSA just wanting to watch the world burn.
Dual EC isn't broken by an exploit script. It's broken with a secret key.
> It is literally the worst plan, because it leaves every PQC-protected system in the world exposed to _everybody in the world_.
No, it leaves every SIKE-protected system in the world exposed to _everybody who reads obscure algebraic geometry papers from 1997._ We got really lucky that the two dorks who do read those papers decided to share their insights.
For all you know, there’s a paper sitting at the Institute For Advanced Study that would let you write a marvelous pq-crystals-shattering Python script, but they’ll never tell you the combination to the safe.
(Again: TAOSSA contained 0day exploits, and few noticed for a decade.)
You seem to believe the only thing preventing people from exploiting Dual EC is not having read the right cryptography papers. No; the reason why that's not the case is plainly evident from Dual EC's structure (if that were true, the NSA would presumably have no need of Dual EC!). Our premises are too far apart to usefully discuss this.
I thought PQC systems were wrapping classical encryption within the PQC protection so even if you broke PQC you'd still be left having to crack classical. Of course some hypothetical future QC could then accomplish this task so the future proofing goal of PQC would be violated.
The proposal is to do exactly this (hybrid schemes using a pre and a post quantum scheme).
However in this context the debate is just over the PQ scheme (not the overall system). Also, NSA are not planning to mandate a hybrid system for government use. Others may do the same.
I don't know if I count as a "feline friend", but: SIDH kept the DH shape. Being able to upgrade the protocols we had relatively closely is appealing. "Structure is useful but seems precarious" wasn't exactly secret knowledge.
What people on these threads aren't prepared to grok is that cryptography engineers (even the older ones) are gothy af, and the isogeny graph diagrams all looked like black magic stuff out of the Lesser Key of Solomon. Sorry, there isn't more to it than that.
Port knocking is a ludicrous security measure compared to the combination of:
* configuring sshd to only listen over a Wireguard tunnel under your control ( or letting something like Tailscale set up the tunnel for you)
* switching to ssh certificate authn instead of passwords or keys
Does Wireguard work in such a way that there is no trace of its existence to an unauthorized contacting entity?
I used port knocking for a while many years ago, but it was just too fiddly and flaky. I would run the port knocking program, and see the port not open or close.
If I were to use a similar solution today (for whatever reason), I'd probably go for web knocking.
In my case, I didn't see it as a security measure, but just as a way to cut the crap out of sshd logs. Log monitoring and banning does a reasonable job of reducing the crap.
Before the M4 models: omg, Apple only gives you 8GB RAM in the base model? Garbage!
After the M4 models: the previous laptops were so good, why would you upgrade?
reply