request for leaks: standards for secret (not published) true hardware random number generator requirements used by NSA

coderman coderman at gmail.com
Sat Jan 25 15:06:36 PST 2014


On Sun, Jan 19, 2014 at 8:49 PM, coderman <coderman at gmail.com> wrote:
> ... could this be true by tweaking constants and
> growing key bits?
> AES ~= MEDLEY
> ECDSA ~= SHILLELAGH
> ECDH ~= BATON
> SHA ~= SAVILLE
> ADH ~= WALBURN
> TRNG ~= JOSEKI-1


as linked, there are clues from PKCS interop which tell us about:

BATON: block cipher in use since at least 1995. 320-bit key and uses a
128-bit block in most modes, and also supports a 96-bit ECB mode. 160
bits of the key are checksum material. It supports a "shuffle" mode of
operation, like the NSA cipher JUNIPER. It may use up to 192 bits as
an initialization vector, regardless of the block size.

SAVILLE: used for voice? 128-bit key, two modes?


and per http://cryptome.org/poet-acm.htm
 some others?

ACCORDION
FIREFLY
KEESEE
MAYFLY
SHILLELAGH
WEASEL

(perhaps that last a stream cipher? ;)



More information about the cypherpunks mailing list