back to article NIST told to grow a pair and kick NSA to the curb

The US National Institute of Standards and Technology (NIST) has been urged to hire more crypto experts so it can confidently tell the NSA to take a hike. A report (PDF) from NIST's Visiting Committee on Advanced Technology (VCAT) – which scrutinizes and advises the institute – scolds NIST for being too reliant on the NSA's …

  1. btrower

    One thing right.

    Re: "Random numbers are vital in cryptography"

    Entirely correct.

    1. cd

      Re: One thing right.

      Also..."a lack of qualified personnel was a *key shortfall* for the NIST."

  2. btrower

    Sigh. So many fundamental problems

    I personally find it inconceivable that the massive failure of security all around is not by design. However, even if it is spectacular incompetence all around there is an undeniable profound fundamental flaw that even a child can see:

    We have trusted our security to our adversaries.

    One of the systemic problems that needs to be addressed is the fact that we are placing trust in too few people and the wrong people at that.

    NIST, when it comes to approving a standard in this area needs to be compelled to do it in concert with other entities entirely at arms length that at least have a chance of being honest. The NSA has no chance of being honest, but NIST by itself has already proven untrustworthy, even if it is only by incompetence. They should not be able in any way to pronounce by themselves on such a thing and arguably, beyond rubber-stamping a properly made decision, should not even have input in any core details.

    I question the incompetence because it would have to be simply astounding incompetence to have no security expert capable of seeing that the NSA could not possibly be trusted.

    When we give the ability to open a bank vault we do not give it to a single person. That would be insane. When it comes to security, security is proportional to the number of trusted entities required to gain access. It is also inversely proportional to the conflict of interest those entities may have. If, for instance, you give oversight of the CRTC to people exclusively from the telecommunications cartel, you can be pretty sure that no matter how many of them you have they will always end up casting a vote that favors their old friends in the telecommunications industry.

    In theory, if not in practice, we do not give control of bank vaults to criminals.

    I do not trust an all U.S. or U.K. solution for security of any type. End to end security is a planet-wide concern and standards need to be vetted by enough disparate entities to give some hope of security.

    As a trivial example, if I need a few random bytes for encryption, I only need to get them from one source. However, if I trust the wrong source then I am sunk. As long as I get even one single set of random bytes, I am golden. If I only use one source, that source can let me down. If use five sources, I am fine as long as any one of them is trustworthy.

    We already have examples of instances where key lengths we were told were sufficient were not. We do not need any more to show that limiting the key sizes, especially to minuscule values like 128 bits, is not optimally secure. Why is there any resistance at all to specifying arbitrary key sizes?

    If you had a trustworthy source of random bits you could encrypt a message such that, if the key is as long as the message and it is not compromised, the message is provably secure. In practice we can't secure the key absolutely, but whatever we encrypt with a truly random stream is as secure as the key. Why do we not have proper mechanisms to gain such keys and why do we have no reasonable way of securing and transmitting these keys. I expect a mediocre high school student could improve upon what we currently have.

    Practically nothing in our network universe can be secured in any meaningful sense. We should be at the stage of guarding against extreme side-channel attacks. Instead, we are stumbling around in the dark with virtually every point of entry compromised in some way.

    The specific instance of heartbleed could not be predicted in advance. However, anybody reasonably in the know had to realize that such bugs were there. Having looked at the code, I cannot imagine that they are not there still. The code involved in heartbleed could be fixed. Why is it not being fixed? Why are we instead spending massive resources getting poised to jail grandmothers because their grandchildren accessed the wrong thing on the Internet?

    Everywhere I look our security is hopelessly inadequate. If it looks that bad to me it has to look even worse to people who are accomplished at hacking into things. I am not unfamiliar with security, but I am not even close to being an expert like Peter Gutmann or Bruce Schneier or tens or hundreds of thousands of other individuals. This is not hyperbole. Hearbleed was a whopper of a breach. It should never have been possible for it to happen and yet it was inevitable. How is it possible that when anybody can reach just about any security expert in minutes from anywhere in the world that just about no decision makers can gain access to one of them?

  3. Fluffy Bunny


    Where is NIST going to get these experienced cryptographers. Remember, the broader cryptographic community are really just amateur wannabes. They have to get them from the (ex?) NSA and (ex?) KGB cryptography community.

    1. tom dial Silver badge

      Re: Seriously?

      "[B]roader cryptographic community are really just amateur wannabes" once was substantially correct. That is no longer the case. There are increasing numbers of competent cryptographers in academia and the private sector, although intelligence agencies like NSA and GCHQ almost certainly are among the best if not the best sources of cryptographic expertise.

  4. Anonymous Coward
    Black Helicopters

    You have to look at where NIST and the NSA ultimately report to...

    Both go up through their cabinet-level departments to the White House. All it takes is an order from the West Wing or the National Security Council that NIST will only hire cryptographers who are actual or effective agents of the NSA, and we are right back where we were before.

    Take the NIST, NSA and ALL other governmental bodies (U.S. or foreign) out of the standards-setting, and give it to the private IT security industry. There will still be a chance that various people working in private industry are compromised, but at least you will have more transparency into the standards-setting and documentation.

  5. Cipher

    Until key length equals...

    ...message length, no form of encryption is secure. There is one and only one mathematically proven system that is totally secure and unbreakable. Some proper implementation of the One Time Pad, in whole or in part, is the only answer to the ever escalating, ever evolving problem of attacks on crypto systems.

    1. Paul Crawford Silver badge

      Re: Until key length equals...

      Oh yes. And just how do you distribute said one-time pads securely to the world+dog for use?

      That is the point of practical cryptography, to make stuff "secure enough" while still being practical to use from a key management and encoding/decoding effort point of view. If you run a web server with limited resources, you don't really relish everyone going to 16k key lengths for access to videos of cats, etc.

      Even with 128 bit keys, if implemented properly and used by all, the effort of breaking it would overwhelm the TLAs. That is why they sought to get the private keys by other means. Of course, if targeted by a gov or major criminal organisation so a lot of resources can be target at only your messages then 128 bits is clearly not enough, but you need to put usage in to perspective.

    2. 2+2=5 Silver badge

      Re: Until key length equals...

      > Some proper implementation of the One Time Pad, in whole or in part...

      I think you'll find that a 'part' implementation of a one-time pad won't be secure.

  6. G R Goslin

    Random number

    Since a truly random number generator seems to be at the bottom of the problem, why has someone not used the most widespread random event of radioactivity to provide the input. You do not even need a radioactive source. natural radioactivity is enough. A narrow angle detector detects events, a timer ascertains the interval between events and creates a number determined by the interval. You can go on for as long as you like to creates a multi digit number which is truly random.

  7. mhenriday

    For once I agree with a Reg headline ;

    growing a pair would indeed be excellent advice for NIST. But given, as pointed out above by Marketing Hack, the superiors to whom NIST answers, it is likely that the pair would be immediately pruned. Foxes don't make good hen-house keepers....


  8. FormerKowloonTonger

    BiiiiG Pair Needed! Ready To ShooT!


    It's those inept, disorganiz[s]ed Ameddicans! [sic], yet again........they seem to be the only ones f**kin' up?...head spy ejected from Tchermany, of all places...hordes of little invaders buzzing up from Mexico....while the rest of the World moves serenely on its lovely way?

    These biases are obviously racist, sexist, and prejudiced. They simply must stop.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021