----- Forwarded message from Billy Gray <wgray@zetetic.net> ----- Date: Tue, 10 Sep 2013 14:32:02 -0400 From: Billy Gray <wgray@zetetic.net> To: Aaron Lux <a@aaronlux.com> Cc: Guardian Dev <guardian-dev@lists.mayfirst.org> Subject: Re: [guardian-dev] pgp, nsa, rsa Do you guys follow Matthew Green? Great stuff: http://blog.cryptographyengineering.com/2013/09/on-nsa.html http://blog.cryptographyengineering.com/2013/09/a-note-on-nsa-future-and-fix... I think he does a good job of breaking down what's in these recent reports. It's a good thing to send to people who read the NY Times report and think that all crypto is now broken (like a friend of mine asked me at NWC yesterday). And then there was this: http://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-taked... One more question: any of y'all used libTomCrypt? We have an experimental implementation of it in SQLCipher. Open-source alternatives to OpenSSL could use some love. DJB's NaCl is neat, too. Curious if you guys are leery of relying so heavily on OpenSSL, given the above. http://libtom.org/?page=features&newsitems=5&whatfile=crypt http://nacl.cr.yp.to Cheers, Billy On Tue, Sep 10, 2013 at 11:17 AM, Aaron Lux <a@aaronlux.com> wrote:
NSA’s mission includes deciphering enciphered communications is not a secret, and is not news*. I am concerned the nytimes.com article will have the effect of causing the public to lose trust in all encryption including open-source algorithms. Hopefully people realize reviewing source code for encryption algorithms** is much more relaxing than reading the NY Times.
* nsa.gov states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”
** ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.21.tar.bz2 and
http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar....
Look at the top and bottom of every page: TOP SECRET//SI//TK//NO FORN. This is a secret document.
Cheers, Michael
_______________________________________________ Guardian-dev mailing list
Post: Guardian-dev@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To Unsubscribe Send email to: Guardian-dev-unsubscribe@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/wgray%40zetetic.net
You are subscribed as: wgray@zetetic.net
-- Team Zetetic http://zetetic.net _______________________________________________ Guardian-dev mailing list Post: Guardian-dev@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: Guardian-dev-unsubscribe@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org You are subscribed as: eugen@leitl.org ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5