
One would think the default mode of all cryptographers not affiliated with the NSA would be not to trust the NSA; NSA could as well mean Eve.



One thing is not trusting the NSA, another is being asked to dismiss the work of well-known independent academics because they engaged in an open selection process run by NIST without any objective proof of technical issues.

Again, the FOIA is good, the framing and FUD is harmful and part of a pattern that might be hard to see outside the community.


> One thing is not trusting the NSA, another is being asked to dismiss the work of well-known independent academics because they engaged in an open selection process run by NIST without any objective proof of technical issues.

The selection process wasn't as open and transparent as one would like given the importance of cryptographic standards. I think we agree there, as you also think that the FOIA is good - which means that there needs to be more transparency. It took 6 years until there was proof that Dual_EC_DRBG really has a backdoor, which has been suspected since the beginning. Shouldn't we be extra cautious this time? If there was some backdoor again, it might take years before it is discovered.

> Again, the FOIA is good, the framing and FUD is harmful and part of a pattern that might be hard to see outside the community.

Could you explain which pattern you see there for us outside of the community? So far I don't see harmful FUD or a framing that is baseless, I see concerns that I feel are valid because of lacking transparency and the NSA's history of interfering with NIST's standardization processes. Why do you think that these concerns are harmful?



