NIST's Ridiculous Non-Response Response To Revelation That NSA Controlled Crypto Standards Process
from the that's-not-going-to-calm-anyone-down dept
One of the key revelations from last week, of course, was the fact that the NSA surreptitiously took over the standards making process on certain encryption standards. Here was the key revelation:Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.It took NIST a few days to figure out a response to this, but it's now been posted, and it says... basically nothing at all. Let's go through it piece by piece.
"Eventually, NSA became the sole editor," the document states.
Recent news reports have questioned the cryptographic standards development process at NIST. We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place.Um, except that as the leaks revealed, that's not actually true. The NSA was the "sole editor" of the standard. So claiming that the standards are rigorously vetted is simply false. Furthermore, as John Gilmore recently revealed, concerning IPSec, the NSA made sure that the standards were so complicated that no one could actually vet the security.
NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.That's not a response to the charges at all.
NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA.In other words, yes, the NSA is involved -- which was not a secret. But what was a secret, and what NIST does not even begin to address, is the idea that the NSA took control of the standard and became its "sole editor."
Recognizing community concern regarding some specific standards, we reopened the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C to give the public a second opportunity to view and comment on the standards.Again, that does little to address the specific questions raised. If the standards are designed by the NSA in a manner that makes the security aspect inscrutable to even the most experienced cryptographers without simplifying the standard, then that's not doing any good.
If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible.Yes, but the "cryptographic community" seems to include the NSA... sometimes in key positions.
Basically this is a total non-response to the revelations from last week. It's just NIST saying "yes, we work with the NSA, but you have nothing to fear" without giving any basis to support the end of that claim.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, nist, nsa, nsa surveillance, standards
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
The "US" under the Articles of Confederation was rather weak by their own admission, but that weakness at the UN is apparently an asset given how diverse is each member.
Everyone loves government when it comes to protecting their own personal set of "these are the best" laws, but hates it when it compromises in order to serve a larger constituency.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Statutes like this bug me...
[ link to this | view in chronology ]
Re: Statutes like this bug me...
[ link to this | view in chronology ]
Re: Statutes like this bug me...
The question I have is not who is the editor of any given standard (which btw can be ignored by the private sector in many cases) but would the NIST allow the spec to be changed when the community shows weaknesses. Does anyone know of a case where they have not done that?
If people find flaws, point them out and the spec can change. If the spec is complex, don't use it. There is already the parallel stds from places like Internet RFCs (IETF).
If the government wants their own minimal level of stds they feel comfortable with, eg, for government contracts, what is the beef? Again, is there actual evidence of NIST or NSA pushing a purposely weak std onto everyone by law and not backing from it? Because if people want to have laws that allow everyone to have super encryption and that would not be available without a law change, then that can be addressed in the US form of government.
I feel like I'm hearing that the sky is falling just because the NSA is involved somehow.
[ link to this | view in chronology ]
Re: Re: Statutes like this bug me...
To be fair, the article's motivation is anger at the NSA for trying to add back doors and then removing any benefit of the doubt that the NIST is working with a different agenda (than the NSA) more in line with what a traditional standards body might desire.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
They never claimed that the process was properly utilized, merely that it was in place. They also claimed the process was transparent and public, but never once claimed that it was simple enough to be understood even by most experts.
I also note carefully crafted language in the rest of the response about participation, the ability to view and comment, and that issues will be addressed (but addressed doesn't mean actually rectified) but nowhere do I see a claim that the NSA isn't the sole arbitrator or that anyone else has actual authority in the final decision making process.
[ link to this | view in chronology ]
cRYPTOLOGY
something to think about..
WHICH is faster?
Straight unencrypt site to site..Plane to plane, place to place?
BASIC encrypt, that compresses data and allows for Faster connections?
HEAVY DUTY, SOLID CORE encryt? Where the TIME needed to encrypt/SEND/decrypt takes TIME..AND the SIZE will probably be larger then the original material.
Basic encrypt, which is MOSTLY packages/letters/email type stuff...Is fairly easy..and is fairly quick and easy.. but BOTH locations must have the keys.
Heavy duty? does some interesting things, and adds FILLER that isnt part of the data just to mess things up.
The difference is like a 4 digit number (0-9) compared to a code that is 16-256 digit/characters/symbols (a-z/A-Z/0-9/!@#$#^%&*^(){}":/?., and about 100 more characters..
16 characters to the ^246 power...
[ link to this | view in chronology ]
Re: cRYPTOLOGY
Time takes time? ECA, you're losing it.
"AND the SIZE will probably be larger then the original material."
ECA, you're clueless.
"Basic encrypt, which is MOSTLY packages/letters/email type stuff...Is fairly easy..and is fairly quick and easy.. but BOTH locations must have the keys.
Heavy duty? does some interesting things, and adds FILLER that isnt part of the data just to mess things up."
More bullshit.
"The difference is like a 4 digit number (0-9) compared to a code that is 16-256 digit/characters/symbols (a-z/A-Z/0-9/!@#$#^%&*^(){}":/?., and about 100 more characters..
16 characters to the ^246 power..."
UTTER bullshit. Serious encryption, like AES256, AES1024, etc. adds NOTHING extra. Encrypted message size = plaintext message size.
Why can't idiots who KNOW NOTHING just shut the hell up? Faaack...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Seriously this is just beyond insulting now.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This is just a standard corporate BS.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Keep it up, Techdirt
I'm sure there are a lot of tech stories that the editors of Techdirt would rather be talking about, but this is by far the most important issue facing us.
I'm surprised, and pleased at some of the places I'm finding links to Techdirt stories about this issue. People ARE taking notice, and this is not just a story of the day that's going to go away tomorrow.
Thank you for spending time on this instead of just passing along another meaningless Apple product roll-out press release, as some tech sources seem to be doing today.
[ link to this | view in chronology ]
Ok, what's next
So as a Private Citizen (or is it suspect???) What's my best choice in NSA free Encryption?
[ link to this | view in chronology ]
Re: Ok, what's next
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I don't read it that way.
I see that as an opportunity to raise certain concerns. Such as the ones Mike pointed out:
If the standards are designed by the NSA in a manner that makes the security aspect inscrutable to even the most experienced cryptographers without simplifying the standard, then that's not doing any good.
Yes, but the "cryptographic community" seems to include the NSA... sometimes in key positions.
They claim to be listening to "concerns". What remains to be seen is whether
they will actually act on these concerns.
More interesting is whether they'll try to immediately address the "NSA
personel in key positions" of their standards process. They may wish to
consider that in order to avoid any *appearance* of impropriety.
Doing that may help in the acceptence of their standard. I do not think
they wish to be known as the standards body saddled with the negative
aspects of a "Approved by the NSA" reputation.
Think ISO and OOXML.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
the only good america is a dead america
[ link to this | view in chronology ]