Just a few weeks after security firm RSA sent an advisory to their developer customers warning against use of a toolkit that employs an NIST encryption algorithm that is suspected to have been “backdoored” by the NSA, secure global communications provider Silent Circle has announced they will replace NIST cipher suites in their products.
“At Silent Circle, we’ve been deciding what to do about the whole grand issue of whether the NSA has been subverting security. Despite all the fun that blogging about this has been, actions speak louder than words. Phil, Mike, and I have discussed this and we feel we must do something. That something is that in the relatively near future, we will implement a non-NIST cipher suite,” wrote Silent Circle co-founder John Callas.
There is strong suspicion that the NSA “backdoored” the NIST’s random bit generator by weakening the encryption process, and the NIST is now in the awkward position of having to announce that they can not endorse their own encryption standard anymore because “recent community commentary has called into question the trustworthiness of these default elliptic curve points.”
In a statement on the matter, NIST officials said “we want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place. NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.”
Nonetheless, RSA and Silent Circle probably won’t be the last to give the NIST algorithm the cold shoulder.
“This doesn’t mean we think that AES is insecure, or SHA–2 is insecure, or even that P–384 is insecure. It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA’s perfidy, along with the rest of the free world. For us, the spell is broken. We’re just moving on. No kiss, no tears, no farewell souvenirs,” Callas said.
Read More Here…