[cryptography] the spell is broken

Eugen Leitl eugen@leitl.org
Wed Oct 2 08:56:22 PDT 2013 

----- Forwarded message from ianG <iang@iang.org> -----

Date: Wed, 02 Oct 2013 18:41:21 +0300
From: ianG <iang@iang.org>
To: Crypto discussion list <cryptography@randombit.net>
Subject: [cryptography] the spell is broken
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

http://www.infoworld.com/print/228000

October 02, 2013
Silent Circle moves away from NIST cryptographic standards, cites NSA
concerns
The company plans to replace AES and SHA-2 with Twofish and Skein in
its encrypted communication services
By Lucian Constantin | IDG News Service

Silent Circle, a provider of encrypted mobile Voice over Internet
Protocol (VoIP) and text messaging apps and services, will stop using
the Advanced Encryption Standard (AES) cipher and Secure Hash
Algorithm 2 (SHA-2) hash functions as default cryptographic algorithms
in its products.

[ Build and deploy an effective line of defense against corporate
intruders with InfoWorld's Encryption Deep Dive PDF expert guide.
Download it today! | Stay up to date on the latest security
developments with InfoWorld's Security Central newsletter. ]

"We are going to replace our use of the AES cipher with the Twofish
cipher, as it is a drop-in replacement," Silent Circle CTO Jon Callas
said Monday in a blog post. "We are going to replace our use of the
SHA-2 hash functions with the Skein hash function. We are also
examining using the Threefish cipher where that makes sense."

The company also plans to stop using P-384, one of the elliptic curves
recommended by the NIST for use in elliptic curve cryptography (ECC).
...
Silent Circle plans to replace the P-384 elliptic curve with one or
more curves that are being designed by cryptographers Daniel Bernstein
and Tanja Lange, who have argued in the past that Suite B elliptic
curves are weak.

"If the Suite B curves are intentionally bad, this would be a major
breach of trust and credibility," Callas said. "Even in a passive case
-- where the curves were thought to be good, but NSA cryptanalysts
found weaknesses they have since exploited -- it would create a
credibility gap of the highest order, and would be the smoking gun
that confirms the Guardian articles."
...
Silent Circle's new decision to move away from AES, SHA-2 and the
P-384 curve doesn't mean that these standards are insecure, Callas
said in the blog post. "It doesn't mean we think less of our friends
at NIST, whom we have the utmost respect for; they are victims of the
NSA's perfidy, along with the rest of the free world. For us, the
spell is broken. We're just moving on."
...
Asked why Twofish and Skein in particular were chosen to be the new
default choices for Silent Circle's products, Callas said via email
that both algorithms come from trusted sources, including himself in
the case of Skein.

Twofish was a finalist in the NIST's selection of the AES cipher, and
the team that developed it included people that Silent Circle's
co-founders personally know and trust, he said. "A number of the same
people produced Skein -- which was a SHA-3 finalist -- and I am a
member of the Skein team."

For Silent Circle this was a "decision of conscience," Callas said.
"Our primary responsibility is to protect our customers, especially in
the face of uncertainty."
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the cypherpunks mailing list