On 12/22/05, John Young <jya@cryptome.net> wrote:
> ... The open competition for AES had a taint of that, and maybe a couple of hundred cryptographers knew WTF was going on, and half of those were blinded by vanity and ignorance of "independence." The NDAs of participants sucked of "trust us."
This question has bothered me: why choose a cipher whose implementation in most circumstances is subject to side channels when there are others resistant to such attacks? Are side channels in flawed implementations the new backdoor of choice (since insufficient key space and overt flaws are now unavailable)?
> Nearly all infosec standards for military use recommend and/or require the use of tokens or other mechanical gadgets to back up passwords and biometrics, which are known to be vulnerable to human weaknesses for sex, drugs, boss hatred and venality.
I don't see how hardware tokens / crypto ignition keys prevent human abuses. Passwords and passphrases are useless (unless coupled with tokens and used only for liveness detection), and vascular biometrics are excellent for "who you are" type authentication coupled with physical-key "what you have" based auth. This doesn't preclude the use of a single cipher, though; key management has always been the bane of strong crypto.
> We finally shelled out a few bucks to buy the PGP version which provides a token as a backup for passphrases. Haven't used it yet, but the regular alarms about crackability of passphrases suggest there should be more than your too-smart-by-half, too-lazy-by-whole brain for protection.
Indeed; passwords/passphrases as sole authenticators should die. They should always be coupled with physical tokens, IMHO...