this post was submitted on 15 Oct 2023
148 points (100.0% liked)

Technology

37739 readers
649 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] solanaceous@beehaw.org 20 points 1 year ago (1 children)

So I wrote a long-ass rundown of this but it won't post for some reason (too long)? So TLDR: this is a 17,600-word nothingburger.

DJB is a brilliant, thorough and accomplished cryptographer. He has also spent the past 5 years burning his reputation to the ground, largely by exhaustively arguing for positions that correlate more with his ego than with the truth. Not just this position. It's been a whole thing.

DJB's accusation, that NSA is manipulating this process to promote a weaker outcome, is plausible. They might have! It's a worrisome possibility! The community must be on guard against it! But his argument that it actually happened is rambling, nitpicky and dishonest, and as far as I can tell the other experts in the community do not agree with it.

So yes, take NIST's recommendation for Kyber with a grain of salt. Use Kyber768 + X448 or whatever instead of just Kyber512. But also take DJB's accusations with a grain of salt.

[–] Dark_Arc@social.packetloss.gg 1 points 1 year ago

Honestly at this point... I'd be surprised if they are seriously undermining encryption. NIST and NSA need encryption to work to protect the government itself ... they're to my knowledge not staffed by idiots, and a lot has changed since the 90s and early 2000s. Encryption is a core portion of security in 2023.