399
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

Mathematician warns NSA may be weakening next-gen encryption::Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process

all 47 comments
sorted by: hot top controversial new old
[-] redcalcium@lemmy.institute 113 points 1 year ago* (last edited 1 year ago)

Daniel Bernstein (djb) is a well known and respected cryptography researcher so his claim carries a lot of weight. It's also worth noting that NIST didn't invent these post quantum encryption algorithm. Instead, they run a competition and select a winner. Djb's algorithm got a second place, so people were wondering if he's just being salty about it, though if NIST were really compromised, it's not hard to imagine they'll select a weaker algorithm as the winner instead. NIST has posted a response which might be worth a read.

Edit: added links to djb's original post

[-] AccidentalLemming@lemmy.world 47 points 1 year ago* (last edited 1 year ago)

sdfasdfsdfsd

[-] heeplr@feddit.de 28 points 1 year ago

They did it before and they'll do it again.

[-] Shadow@lemmy.ca 12 points 1 year ago* (last edited 1 year ago)

I wish I could understand that math in that thread.

I have great respect for djb, but he was an ass here.

[-] atzanteol@sh.itjust.works 7 points 1 year ago

Thanks for that link - this whole story is massively overblown clickbait.

[-] fmstrat@lemmy.nowsci.com 1 points 1 year ago* (last edited 1 year ago)

The second link has replies that even say the OPs link contains conspiracy theory. The discussion there is better than all else, IMO.

Note: not denying Dan's claim as I'm not an expert here, just reiterating what I'm reading.

[-] atzanteol@sh.itjust.works 4 points 1 year ago

Yeah - at the very list it shows that this is more "reasonable people disagreeing about a detail" than it is "OMG THE NSA IS DESTROYING CRYPTO!"

[-] fmstrat@lemmy.nowsci.com 1 points 1 year ago

I mean, DJB does mention NSA has more involvement over NIST than he expected, but that also doesn't mean their would be collaboration.

In my non-expert reading, NIST made it seem better than it was, DJB disagreed but overestimated how bad it was, and NIST "sort of" said "yea OK we may have bragged."

Either way, DJB is right to call out something being weaker than it should be. False confidence in encryption is about the worse thing that could happen in the digital age.

[-] atzanteol@sh.itjust.works 2 points 1 year ago

Yeah - DJB definitely has a point to make and deserves to be listened to. But "Mathematician has questions about crypto complexity guidelines from NIST" isn't click-baity enough.

[-] Molecular0079@lemmy.world 39 points 1 year ago

If this is true, NSA might be shooting themselves in the foot when they inevitably have to deal with Russia and China.

[-] surewhynotlem@lemmy.world 15 points 1 year ago

Just a guess, but I think they're less concerned about the giant country's surveillance of us, and more concerned about not being able to surveil the little terrorist cells.

[-] sturmblast@lemmy.world 17 points 1 year ago

or you know conversations with your healthcare providers

[-] MonkderZweite@feddit.ch 10 points 1 year ago* (last edited 1 year ago)

or the company VPNs of other continents.

[-] Zeth0s@lemmy.world 7 points 1 year ago

They probably consider that they overall lose more with strong cryptography, than the risk of other countries intercepting US communications. They must have other solutions in place to protect confident information. But they likely struggle with encryption being so widely used by anyone. Even granmas can now cover their communications without much effort

[-] waitmarks@lemmy.world 34 points 1 year ago* (last edited 1 year ago)

From what it sounds like, he’s not saying the algorithm is compromised itself, but rather that NIST is recommending a weaker version of it as sufficiently safe at (possibly) the request of the NSA. If that is the case we would know for sure pretty quickly once DISA updates their STIGs for internal use to include quantum resistant encryption. If the STIGs say to use a stronger version than NIST recommends then he was right.

[-] Treczoks@lemmy.world 31 points 1 year ago

And who is surprised by this? This is basically the NSA doing their job, nothing else.

[-] Kodemystic@lemmy.kodemystic.dev 21 points 1 year ago

We're not surprised but we do need to mention this, discuss this, people need to be aware. You won't see much of this in mainstream media except: "And here's why the end of encryption might be a good thing...".

[-] frezik@midwest.social 14 points 1 year ago

Sort of. They've worked in mysterious ways over the years. They fucked with DES back in the day (specifically, the S-Boxes, which are big tables of data used during calculations), but evidence since then suggests that they actually improved it. However, they also seem to be responsible for keeping the key length short, which meant it was inevitable that computers would eventually be fast enough to break it (which it was by the mid to late 90s).

The NSA has a dual job. They want to break encryption, but they also need to protect US secrets. Since industrial espionage is a thing, that extends to protecting the secrets of private sector companies. So they sometimes want to improve encryption, and sometimes want to put in backdoors. If you call up someone in the NSA, there's no guarantee the person your talking to will be on your side or not.

Fortunately, cryptography in the public space has advanced substantially since DES was invented.

[-] Treczoks@lemmy.world 4 points 1 year ago

They fucked with DES back in the day

Yep. I remember. IBM thought they had something new and BIG, and then came the NSA and just substituted some S-Boxes without comment. And boom, the key space got smaller.

The NSA has a dual job. They want to break encryption, but they also need to protect US secrets.

For them it is sufficient when they can happily read along.

[-] skymtf@lemmy.blahaj.zone 17 points 1 year ago

Hopefully we work around this, encryption is more important now than ever.

[-] Ultraviolet@lemmy.world 4 points 1 year ago

Doesn't the existence of key collision help? If you throw a quantum brute force algorithm at a ciphertext, wouldn't you get a long list of keys, all of which authenticate and appear to work, but for all but one of those keys, what it decrypts to is garbage?

Authentication itself is fucked, but encryption is only heavily weakened rather than completely destroyed.

[-] RubberElectrons@lemmy.world 3 points 1 year ago

Yeah but that's precisely the problem. Cut the list down to say a million choices vs quadrillions, and have a regular lower power server work through that much smaller list.

Don't forget, this is gen 1 of the quantum systems as well... Who knows what the future holds. Better to make the lock strong now.

this post was submitted on 19 Oct 2023
399 points (97.2% liked)

Technology

59312 readers
4599 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS