Hacker News new | past | comments | ask | show | jobs | submit login

That's not a great article. In reality, nobody thinks Speck and Simon are backdoored --- they're extremely straightforward block cipher designs with well-understood components. Unless the NSA knows something that breaks all modern block cipher designs --- in which case, why tip your hand? --- there's no place to hide a backdoor in either of these standards.

What happened here seems like a combination of two things: first, a general statement that the community is skeptical of NSA-related standards after the Dual EC fiasco, just on principles, and, second, process concerns about the way NSA interacts with standards bodies --- their work is considered poorly documented and their engagement with the academic research community (for instance, to answer concerns about flaws in their designs) is poor.




I don't see why would any Non-American company would accept any of their thoughts/designs after their sneaky backdoor prng.


They shouldn't, but at the same time, these non-American companies should at least be honest about why they're rejecting the NSA's thoughts/designs rather than hype up some vapid fear of a backdoor.

Slap NSA's hand for being abusive to the privacy of everyone, including their own citizens? We need more of that.


The back door prng wasn't all that sneaky? I would assess "don't look behind the curtain" and "nothing up my sleeves because I'm not wearing sleeves" quite differently.


So true. How about the credibility of RSA.

They should be going out of business because all their customers left in droves.

But they didn't and RSA is still an esteemed security company.

What happened when Juniper firewalls were outed by Snowden. Did we ever hear the name of the employee who backdoored their product?

Surely they use revision control and can tell who contributed what. I have to wonder if the NSA mole still works there too. Zero transparency from these "Security Companies".


What or who are the trusted entities whose thoughts or designs are acceptable?

Casting political problems against technical problems is a tough endeavor.


Because we live in a global economy where non-American companies sometimes have the US government as their customer.


Would it perhaps make sense for the NSA to have a publicly discoverable weakness here, and had no plans of using these ciphers in the US? Then the NSA could essentially get more people to use a weak cipher.

It would be a very blatant move because it'd be rather suspicious if the NSA chose not to use these ciphers. Still, the possibility might in small part contribute to this failure.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: