Remix.run Logo
some_furry a day ago

> But if I am honest, NIST recommending it at all is enough to suspect it of being compromised.

NIST isn't the NSA and doesn't have the NSA's goals in mind. They are briefed by NSA on some matters, sure, but they're not the same organization.

NSA has a dual mission: Both SIGINT and COMINT. While the SIGINT folks might rub their hands and laugh evilly at the prospect of backdooring the PQ KEM that the Internet wants to move towards, this plot makes no sense at several levels.

The NSA has, through CNSA 2.0, committed to moving the entire federal government onto ML-KEM for top secret communications. The COMINT guys would shit themselves in rage if it turned out to be backdoored, even if there was enough hubris that the backdoor was NOBUS.

If you can't trust the people, you should always seek to understand their incentives if you want to predict their behavior.

My interpretation of the CNSA 2.0 move was that the NSA believes 1) that ML-KEM is actually the good stuff, and 2) the Suite B transition failed so spectacularly that they want to signal confidence in ML-KEM by recommending it without hybridization. Since pretty much everything they do is top secret, they probably can't comment further.

leonidasrup 21 hours ago | parent | next [-]

In the past NSA has weakened encryption standards, for example NSA madified DES standard. The NSA pushed backdoored design of Dual_EC_DRBG was standardized in NIST SP 800-90A.

"Weaknesses in the cryptographic security of the algorithm were known and publicly criticised well before the algorithm became part of a formal standard endorsed by the ANSI, ISO, and formerly by the National Institute of Standards and Technology (NIST). One of the weaknesses publicly identified was the potential of the algorithm to harbour a cryptographic backdoor advantageous to those who know about it—the United States government's National Security Agency (NSA)—and no one else. In 2013, The New York Times reported that documents in their possession but never released to the public "appear to confirm" that the backdoor was real, and had been deliberately inserted by the NSA as part of its Bullrun decryption program."

https://en.wikipedia.org/wiki/Dual_EC_DRBG

"NSA worked closely with IBM to strengthen the algorithm against all except brute-force attacks and to strengthen substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key"

https://en.wikipedia.org/wiki/Data_Encryption_Standard

The NSA published algorithms are not used for the important US secrets. For these system the classified algorithms of NSA Suite A are used.

https://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography

NSA Suite A was probably used for Space Shuttle comunication. NASA scrambled to recover classified communications gear after the Challenger shuttle disaster in 1986.

https://www.globalsecurity.org/org/news/2003/030206-comsec-s...

some_furry 20 hours ago | parent [-]

> In the past NSA has weakened encryption standards, for example NSA madified DES standard.

They made DES more secure against differential cryptanalysis (a method that was classified at the time DES was being designed). Sure, the whole "make the keys 56-bit instead of 64-bit" is a weakening, but differential cryptanalysis would have broken the entire fucking cipher if they didn't prevent it by selecting a secure S-box.

> The NSA pushed backdoored design of Dual_EC_DRBG was standardized in NIST SP 800-90A.

Correct, which another threat actor used in a backdoor by replacing the public key.

I'm not arguing that NIST isn't vulnerable to NSA influence. I'm arguing that they are not the same entity and do not have the same goals or incentives.

I'm not an NSA defender. https://furry.engineer/@soatok/116854899284071513

grayhatter 21 hours ago | parent | prev [-]

You're argument is that I shouldn't think of NIST as a patsy for the NSA, is because the NSA can't possibly be recommending a compromised cipher, because if they were, that would mean this US government org is horribly defective and dysfunctional, where one side didn't know what the other was doing?

Incentives are basically all I consider when trying to establish true motive. But you're not required to consider motive when there's a history or pattern. Even if "It's the way we've always done it", wasn't a much, much stronger motive than thought/reason is for any human. It's both logical and desired to treat something as the most dangerous until proven otherwise.

I used to be a nurse. I remember when working in the ED, I was taught that every single woman on childbearing age who comes into the ED with abdominal pain is an extopic pregnancy until proven otherwise. If you ask a woman if it's possible she could be pregnant, regardless of the truth, many will claim it's impossible. If you blindly trust them, and delay treatment, you could needlessly kill your patient, or leave them infertile. Why would someone lie and risk that? Or how dare your medical team make assumptions like that? Well the alternative is worse, the reality should be easy to prove.

NIST has a history of recommending broken ciphers. That's not a mistake a professional would ever make. So thinking about incentives, I'm going to treat it like it was intentional. Here the group with a history for fucking up, isn't being transparent. I would love it if NIST would say enough to make DJB happy or at least stop pretending like they deserve any trust anymore.

Until then, I don't find "they're probably behaving like rational actors" compelling enough to trust them with keeping secrets from somebody who I actually do trust.

some_furry 20 hours ago | parent [-]

> You're argument is that I shouldn't think of NIST as a patsy for the NSA,

Incorrect. My argument is that they aren't the same entity.

The thing you said is a whole different argument. "I like waffles" "So you hate pancakes" is happening.

> Incentives are basically all I consider when trying to establish true motive. But you're not required to consider motive when there's a history or pattern.

Yes you are. You need to consider both factors. Why render yourself willfully ignorant? That's not how you arrive at truth.

philodeon 17 hours ago | parent | next [-]

> Incorrect. My argument is that they aren't the same entity.

Your mind is going to be blown when you learn about proxy organizations and cut-outs.

some_furry 17 hours ago | parent [-]

NIST does a lot of things that have nothing to do with computer security!

Would you indict NIST MEP https://www.nist.gov/mep/about-nist-mep as being an NSA project without evidence?

philodeon 17 hours ago | parent [-]

The Godfather Part 2 demonstrated overwhelmingly that a good part of Vito Corleone’s ill-gotten gains went to strengthening his community. The Italians in his neighborhood adored him.

some_furry 16 hours ago | parent [-]

What does a work of fiction have to do with whether two distinct government entities are the same thing or not?

That's beyond moving goalposts. Just take the L, dude.

philodeon 16 hours ago | parent [-]

I was making the point that if you have subverted the NIST to do your bidding in what appears to be a neutral way, obviously you’re going to have some feel-good projects in your portfolio. Otherwise, the folks that the Soviets called “useful idiots” wouldn’t have anything to point to to exonerate them.

some_furry 16 hours ago | parent [-]

You're all over the place except where the discussion was actually taking place.

philodeon 16 hours ago | parent [-]

Ok, let me be clear: the NIST is a proxy organization for the NSA. The declassified internal history of the NSA makes it clear that they were subverting the NIST back when they were still called the National Bureau of Standards.

Just because NIST engages in some wholesome activities doesn’t mean that their core purpose isn’t to do the bidding of the NSA.

grayhatter 7 hours ago | parent [-]

> Just because NIST engages in some wholesome activities doesn’t mean that their core purpose isn’t to do the bidding of the NSA.

Their core purpose is to recommend standards that everyone can use, and anyone who wants to work with the US government is expected to follow. They have to pick standards for everything, but can't have experts in everything on staff, so are required to defer to other experts willing to help. The NSA took advantage of them. I find the idea that NIST wants to be a lackey to the NSA, stupid. It's ignorance and incompetence that lead NIST to getting duped by the NSA. The problem is, not getting dupe is literally, their *only* job.

It's like hiring a firefighter to protect you and then they set your house on fire; it doesn't matter so much why you don't have a house anymore... you just sure a hell are never letting him near anything important every again.

You're allowed to treat gross incompetence as equivalent to intentional malice, without needing to make something up about how it was intentional.

grayhatter 11 hours ago | parent | prev [-]

> Incorrect. My argument is that they aren't the same entity.

Did I claim they were the same?

> The thing you said is a whole different argument. "I like waffles" "So you hate pancakes" is happening.

uh.... you started it? What are we even doing? I'm not above this kinda comment, but I kinda assumed you were? I'd be interested if you have a take I haven't considered; but not if we're just going to try to make straw man of the other.

> Yes you are. [required to consider motive]. Why render yourself willfully ignorant? That's not how you arrive at truth.

I'm not looking for a pure truth. I'm just looking for a heuristic that's just functional enough to keep me, and my data safe. I don't even want to make a perfect is the enemy of good argument. I'm just pointing out, where my line is. I lack the maths knowledge, practical experience, fucks left to give, and spoons remaining for the things I want to spend my time one. Evaluating every bit of information I could possibly gather, and witholding and judgement is a cute idea, but I've got better things to do. NIST has in tandem with the NSA, lied, and shipped a broken crypto system. Let's pretend I don't consider that to be permanently disqualifying, resign, stand up a completely new group from scratch, black tag/non-salvageable. They've burned the default good will everyone starts with, and then peed on it for good measure. Now they're hiding information AGAIN?!

Nah, I could waste my time trying to find the objective truth. Or I could give NIST the finger, and say, make the person with the remaining good will and trust and fucks left to spend on NIST happy. Only then come back to me. Until then, I refuse, and for the same reason I refuse to review LLM PRs; I'm trying to do things, and [they] are trying to DoS my brain.

Ideally, you'd stop helping [the them], or answer the remaining objections line by line, and publicly? Then I'd have someone else with enough good will that I can trust. Because NIST is doing the opposite if they want my confidence.