The parallel that matters is that NSA is documented as being inclined to design, allow, and promote backdoors like Dual EC to be standardized by NIST. They have no obligation to break and publish the break as Ward has done here. It’s not that the authors of Rainbow are suspect; it’s that the result of the process isn’t telling us what we hope it tells us. NIST must consult with NSA by law but the law does not require NSA to help. It certainly does not require NSA to save NIST from standardizing a broken system. The Dual EC backdoor is a documented act of strategic sabotage by NSA and NIST, though we extend the benefit of the doubt to NIST.
What stands between us and additional standardized backdoors is effectively a very small number of smart academics who, relative to NSA, are underfunded and under-resourced. Thankfully we have people like Ward breaking systems and publishing it openly. Unfortunately we have NSA-funded people pushing things as well; Dragonfly and IETF come to mind here as well.
NIST standardization does not mean NSA can’t break it. Historically, we know from the Dual EC standardization that they can break it by their own design, and they let the world deploy and use Dual EC to NSA’s own advantage.
But don't over-correct. You can't just call anyone who submits to NIST an NSA puppet. There is zero parallel with the Dual EC backdoor.