Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»Latest Breaking News»Gov’t standards agency “s...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Latest Breaking News

Related: General Discussion, Editorials & Other Articles

backscatter712

(26,355 posts) Fri Sep 13, 2013, 07:16 PM Sep 2013

Gov’t standards agency “strongly” discourages use of NSA-influenced algorithm

Source: Ars Technica

Following revelations about the National Security Agency's (NSA) covert influence on computer security standards, the National Institute of Standards and Technology, or NIST, announced earlier this week it is revisiting some of its encryption standards. But in a little-noticed footnote, NIST went a step further, saying it is "strongly" recommending against even using one of the standards.

The institute sets standards for everything from the time to weights to computer security that are used by the government and widely adopted by industry.

As ProPublica, The New York Times, and The Guardian reported last week, documents provided by Edward Snowden suggest that the NSA has heavily influenced the standard, which has been used around the world. In its statement Tuesday, the NIST acknowledged that the NSA participates in creating cryptography standards "because of its recognized expertise" and because the NIST is required by law to consult with the spy agency. "We are not deliberately, knowingly, working to undermine or weaken encryption," NIST chief Patrick Gallagher said at a public conference Tuesday.

Various versions of Microsoft Windows, including those used in tablets and smartphones, contain implementations of the standard, though the NSA-influenced portion isn't enabled by default. Developers creating applications for the platform must choose to enable it.

Read more: http://arstechnica.com/security/2013/09/government-standards-agency-strongly-suggests-dropping-its-own-encryption-standard/


The algorithm in question uses Elliptic Curve cryptography to generate pseudo-random numbers that are supposed to be suitable for cryptographic purposes.

As it turns out, the NSA may have insisted on using an elliptic curve constant that may be of a class of constants that are cryptographically weak, meaning the NSA knows how to crack them easily.

When another federal agency is saying "Don't use this algorithm," it's time to listen!
InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 7 replies, 1831 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (20) ReplyReply to this post
7 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Gov’t standards agency “strongly” discourages use of NSA-influenced algorithm (Original Post) backscatter712 Sep 2013 OP
So. What do we think about PGP? Ghost Dog Sep 2013 #1
The feds wanted to prosecute him for "export of munitions"... backscatter712 Sep 2013 #3
Yep. That was my impression, back then... Ghost Dog Sep 2013 #4
PGP and TrueCrypt are open source and all you'd ever need for safety. devils chaplain Sep 2013 #7
Here's what I think: devils chaplain Sep 2013 #6
Kicked and recommended. Uncle Joe Sep 2013 #2
^ Wilms Sep 2013 #5

backscatter712

(26,355 posts)
3. The feds wanted to prosecute him for "export of munitions"...
Reply to Ghost Dog (Reply #1)
Fri Sep 13, 2013, 09:02 PM
Sep 2013

...when he released the first versions of PGP.

I'd consider that an endorsement.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

devils chaplain

(602 posts)
7. PGP and TrueCrypt are open source and all you'd ever need for safety.
Reply to backscatter712 (Reply #3)
Sat Sep 14, 2013, 02:48 PM
Sep 2013

I have nothing illegal to hide, but it is appalling to me that digital privacy is somehow not considered a right. That is not a good precedent.

My public PGP key is in post 6 below and also in my profile, feel free to test your own PGP to say hi!

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

devils chaplain

(602 posts)
6. Here's what I think:
Reply to Ghost Dog (Reply #1)
Sat Sep 14, 2013, 02:42 PM
Sep 2013

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.21 (MingW32)

mQENBFIs9qIBCACwOb7W/r+sWxUzvobYq23asiZrBgZMU97lJUwYo1y0ScfRWkou DUi9fALnmwLzOo9Lrzq3UCKjbklZmfGRnsv9eQxfBjuZapDEs6Zl+WYx4NqAc2jj xmvMYs+WLqqsiLkTJ3jhNeWRL1vCF5p21RPT5q7VV0V6oncyUZPzqemR0uhV7M5/ 5HhbGc8AsSNVFFA1pIgliSPC1dmUco6i2ZvXf5LSN2030lCopsX8kOKz7X1DXxPt 3owTYv4DOT8s7wP81C194SZCVU/AtXsCOY9pInQzJvgYfeETdPOsSXCv/ZjKPrtJ sUV238tX1NYUZOnMI/aq1YzpwxzDyt0SojxxABEBAAG0HXByaXZhdGUgPHByaXZh dGVAcHJpdmFjeS5jb20+iQE5BBMBAgAjBQJSLPaiAhsPBwsJCAcDAgEGFQgCCQoL BBYCAwECHgECF4AACgkQehANNypq+CwFYQf/bgZod8vw+a7jIiC83f7DvMOE+ZmC yFUr10HsaTiycCpJwP9r0anpyIs6+G+UAopiVa1G0+TzYpKlJeBnfGjOSwRIA6bC mSa2LQflZ2wEI1IH62zmuuiy/0Yyjme2CctVEcDU41oH1JcDRg6Ql+qXlTZjllsV LGg/XcGh3cPSrGlNT1uY8iFxeqGvm2KWT7++ymGQ3Lrew2rI7Td5XSkLltEShubD vOqKI6kFAPoHiWZbhG8EjqoQnbVLjI4Fp3f3LsRFh32SQg6dDEetYPRttSOf0okq O2UIFkqnUHe77CXGBrMbF1WbpxeLhgtoUu3hKyOiSzEzG75QkbIo7sGR/A== =Qppr
-----END PGP PUBLIC KEY BLOCK-----

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
Reply to this discussion
Latest Discussions»Latest Breaking News»Gov’t standards agency “s...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.