Re: [Cryptography] New Encryption Standard of the Russian Federation GOST Grasshopper
On Fri, Jan 2, 2015 at 1:39 PM, ianG <iang@iang.org> wrote:
On 2/01/2015 11:37 am, Eric Filiol wrote:
The Russian Federation has recently published (in Russian only) the tchnical description of its new Encryption Standard. I have translated the document into English and implemented this algorithm in C (under GPLv3). http://cvo-lab.blogspot.fr/2015/01/the-new-gost-standard-from-russian.html
*Interesting* and it would be very interesting to hear what the real cryptographers think of the Russian cryptographer's invention! Good work!
So there are no real Russian cryptos? Umm.
fair and open competition) did the net voluntarily swing to AES.
The competition was part of the swing, so was govt's saying AES(256) was good for TOP SECRET (not that they use it over their own suites), so was it's speed/hardware/simplicity.
What do people say? Should GOST be supported in SSL? Is there any merit in the "national government mandates" argument?
There are govt laws for what the govt itself will only use. (Are you going to not sell to and profit from that govt?) There are govt laws for what the populace will only use. (Are you going to jail for breaking that ban, or will you bow?) There are paths between all the laws for what obediant users can use. And rebels will use whatever they want. If you personally use crap ciphers, that's your own problem. If you support (absent force of law) crap ciphers, or more than the best few in each class such that community has no time to properly analyze them all, that's a community problem. If you don't resist crap law, crap ciphers, or the spawning of endless new ciphers of the month just because, that's a community problem.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Five things 1) Please publish suggested guid(es) here in Russian and English for how people should install and maintain Gnupg - gpg - seems like after many years that program is not getting the support it needs - so here is the fundraiser link again for it. (Look at all the payment methods!) https://www.wauland.de/en/donation.html#61 Some suggestions are in English here at only the most basic level and not dealing with any complexities, but I suggest people start talking about standards for how to reply to lists and forums as well as how to communicate amongst each other just one on one for example: https://securityinabox.org/thunderbird_main http://futureboy.us/pgp.html#GettingStarted http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/ 2) I know someone here will say "off topic" but there is nothing off topic about having people address what needs to be addressed, like hopefully getting more people talking about the possibilities of learning different and better ways of strong (and hopefully easier to use) crypto. 2.a) if you don't like seeing it here please start new thread, which is probably a great idea. If questions about that, please see prior item, if that does not address the issue of OT, please see item 3 below. 3) You think this is off topic? see number 2.a above. 4) More back OT: People will use what they want to use no matter where they are in the world. There are Russians using Gnupg, but it would be not a good idea for me to say who I've observed does so. There are Russians examining this GOST thing. Russian Federation / Waasenaar arrangment (a stupid idea meant to appease people who think that gov't controls on cryptography actually have meaning or purpose) - - involves import, export, and use. Anyway, no matter what country you are in, do what you want, and take care that you are not harmed in the process, basically. And this gets back to my push for Gnupg - gpg. Using that to the best of one's ability and hopefully encouraging others to do so is going to be useful in terms of securing communications in 2015. Thank you and excuse the longish post. - -O grarpamp:
On Fri, Jan 2, 2015 at 1:39 PM, ianG <iang@iang.org> wrote:
On 2/01/2015 11:37 am, Eric Filiol wrote:
The Russian Federation has recently published (in Russian only) the tchnical description of its new Encryption Standard. I have translated the document into English and implemented this algorithm in C (under GPLv3). http://cvo-lab.blogspot.fr/2015/01/the-new-gost-standard-from-russian.html
*Interesting* and it would be very interesting to hear what the real cryptographers think of the Russian cryptographer's invention! Good work!
So there are no real Russian cryptos? Umm.
fair and open competition) did the net voluntarily swing to AES.
The competition was part of the swing, so was govt's saying AES(256) was good for TOP SECRET (not that they use it over their own suites), so was it's speed/hardware/simplicity.
What do people say? Should GOST be supported in SSL? Is there any merit in the "national government mandates" argument?
There are govt laws for what the govt itself will only use. (Are you going to not sell to and profit from that govt?) There are govt laws for what the populace will only use. (Are you going to jail for breaking that ban, or will you bow?) There are paths between all the laws for what obediant users can use. And rebels will use whatever they want.
If you personally use crap ciphers, that's your own problem. If you support (absent force of law) crap ciphers, or more than the best few in each class such that community has no time to properly analyze them all, that's a community problem. If you don't resist crap law, crap ciphers, or the spawning of endless new ciphers of the month just because, that's a community problem.
- -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJUp0DvAAoJEGxwq/inSG8CxxkIAKAqlg9WlIQIaz6f+IYmxGg7 HDYpH9ZJBEvi2xU5eCHAP9sFoBbDG7KrrLqG3T8cMH3CodpnxKFpoTM1aySNWN+j R6ljQ2G6Ugjl5cTGZwGTK+rQvYZoyhitX84MKd5wGCeAcQKpxYkxJANA+itRwMhQ kp+hB0AYBUdm0uAw36Z1pZx5iDhZvMGNJo3BZtNHK8UlENiK2bQwgaX10FKzYgpi npXFq7MJk9A2uQGh0zxAuc0jkFAGmxOn9QM5F1pO2ipTr7pE+CYA8WcLqkCpo6J9 Su8/xr41uuyDzE/jUndoWOZyhAuhyZ+SgGB2N0CDa9mJgCcqwQzl+0WVypFrddY= =x3GJ -----END PGP SIGNATURE-----
participants (2)
-
grarpamp -
odinn