[Discuss] Encrypt Everything?
Edward Ned Harvey (blu)
blu at nedharvey.com
Thu Sep 12 21:28:32 EDT 2013
> From: markw at mohawksoft.com [mailto:markw at mohawksoft.com]
>
> Random number generators may be more predictable than we once
> thought,
> specifically if the NSA has artificially limited there effectiveness. We
> know SHA1 has been broken. We know that MD5 is long gone. We know that
> SHA2 may be close to being broken.
Define "broken."
In cryptography, "broken" means it exhibits any characteristic that deviates from ideal. This could mean that an algorithm is vulnerable to brute force decryption or generation of collisions in 2^127 operations instead of 2^128.
In particular, even the most strongly "broken" thing mentioned - md5 - is broken because collisions were found in the underlying compression algorithm, and while no known attacks exist, they are assumed to be forthcoming some year. Faster if anyone cares, which is why they say nobody should be using md5 for cryptographic purposes anymore.
> Those are the most expensive methodologies. If as hinted by the Snowden
> info, the NSA has surreptitious weakened encryption "systems" you may
> have
> a far less encrypted data stream than you expect.
True, the NSA sabotaged some RNG algorithms in NIST, but those were discovered and exposed by peer community review before any widespread adoption. That's the point of a public open competition.
More information about the Discuss
mailing list