There’s been no shortage of discussion and debate in recent weeks about the possibility that the NSA has intentionally weakened some cryptographic algorithms and cipher suites in order to give it an advantage in its intelligence-gathering operations. If you subscribe to the worst-case scenario line of thinking, then most of the commonly used ciphers are compromised. If you’re more optimistic, then you tend to think that maybe the NSA has some private capabilities against encryption protocols and is exploiting them. However, Jon Callas, co-founder of Silent Circle, which announced Monday that it was moving away from potentially compromised ciphers, said that it really doesn’t matter whether the NSA has done this, because the damage has been done.
“This issue that we’re dealing with now is, can we trust any of this?” Callas said in an interview. “It really boils down to, they’ve said they’ve tried to break things, so have they done that or not? If you’re going to look at it from a realistic point of view, it really doesn’t matter whether they did it. It’s as much about the NSA undermining confidence.”
Silent Circle, a provider of secure messaging systems, made the decision to replace AES and SHA-2 in its products with Twofish and Skein, respectively. AES and SHA-2 both were part of competitions sponsored by the National Institute of Standards and Technology, and recent revelations have shown that the NSA may have exerted some influence on the NIST standards process in some cases. It’s not known which protocols may have been affected, and that uncertainty is part of what drove Silent Circle’s decision, as well as the debate in the security community about what actions to take, if any.
Callas, a cryptographer and former founder of PGP Corp., said that Silent Circle had been thinking about this move for a few weeks before the announcement and that the technical implementation would not be difficult. For companies such as Silent Circle, whose customers depend on the security and confidentiality of the products, the issue comes down to removing doubt from its customers’ minds. But for the rest of the Internet community, there are other issues to consider as it relates to the security of some of the elliptic curves designed by NIST and the NSA.
“The thing that would be the most likely, and in some ways the scariest, is what if, in good faith, the NSA created these curves in good faith and then the mathematicians there found issues with them they’re weaker than anybody thought,” Callas said. “There are things that we’ve discovered about elliptic curves in the past. If the NSA knew that these curves were weaker than we thought, does it matter?
“The defense we’ve always had in the past is that the crypto the NSA recommended was the same stuff they used to protect top secret data, so we could always say, Well, would they shoot themselves in the foot, too? Now, it seems perfectly plausible to me that if the intel side of the house found something that gave them an advantage over everybody else, they would keep it from the other side of the house. Now we’re really wondering if maybe they would shoot themselves in the foot on purpose.”
The ciphers that Silent Circle is planning to use in its products were both designed independently, something that Callas believes will be important for the company’s customers going forward.
“There have always been people who haven’t trusted the standard things, and even the NIST people would say, if you don’t trust it, go use these other finalists over here that are intellectual property free,” he said. “That got me thinking. We have to find our way through the legitimate mistrust that starts to resemble a hall of mirrors in a bad 1960s spy movie.”