Parodia
  • Communities
  • Multi-communities
  • Support Lemmy
  • Search
  • Login
  • Sign Up
Technology@lemmy.worldbybeep@piefed.world
5 days

NSA is sabotaging cryptographic standards to weaken it. Act now to stop it.

nsa.2026.action.cr.yp.to English

cross-posted from: https://piefed.world/c/tech/p/1235129/nsa-is-sabotaging-cryptographic-standards-to-weaken-it-act-now-to-stop-it

6
    You must log in or register to comment.

    • farcaller@fstab.shEnglish
      5 days

      You probably want to mention that some prominent cryptographers think this just astroturfing?

        • Arghblarg@lemmy.caEnglish
          5 days

          Sure, but lots of people thought it was crazy conspiracy thinking that the NSA backdoored certain Elliptic Curves CSPRNGs years ago… yet it turned out they in fact did, and successfully, and it took years to come out. Whether or not some ‘threat model’ applies to the situation.

          The chances of a normal person being targeted by some obscure NSA backdoor is very low, certainly; but that doesn’t refute the historical fact that they do try to subvert standards processes.

            • mlg@lemmy.worldEnglish
              5 days

              I think it’s funny to think that the NSA has probably defeated RSA and those sketchy ECDSA curves, but they still haven’t broken AES because its symmetric.

              that they do try to subvert standards processes.

              This is why RSA is considered weak even at 4096. No hacker or APT is gonna break it but the NSA probably can and probably has, even if it was some loophole implementation bug.

              When you assume nation state funding and leverage, a lot of baseline security standards go out the window.

            • spamfajitas@lemmy.dbzer0.comEnglish
              5 days

              I’m more inclined to trust the person using furry comics to explain their reasoning, tbh.

            • 🇨🇦 tunetardis@piefed.caEnglish
              5 days

              I find it mildly annoying that while the post is replete with hyperlinks, the 2 central terms “ietf-tls-mlkem” and “ietf-tls-ecdhe-mlkem” are simply quoted with no further elaboration.

              I am no cryptographer, but after some searching around, my very first order understanding is that mlkem is a new algorithm that is meant to be resistant to attacks by a quantum computer. It is not time-tested at this point, however, while ecdhe is a current (albeit quantum-computer-weak) algorithm that has a solid track record.

              Using both in combination is seen by some as a safer way to move forward, since mlkem may yet prove to have a fatal weakness and at least you have that fallback on the tried and true. Advocates also point out that ecdhe is cheap to compute compared to mlkem, and so the overhead of tossing it in there is not the end of the world?

              Anyway, that’s all I’ve been able to glean so far.

                • Manjushri@piefed.socialEnglish
                  5 days

                  My assumption is, if the NSA is pushing for a standard, it is not the standard that security conscious people would want adopted.

                Technology@lemmy.world

                technology@lemmy.world

                Subscribe from remote instance

                Create post

                Report community

                Modlog
                You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world

                This is a most excellent place for technology news and articles.


                Our Rules


                1. Follow the lemmy.world rules.
                2. Only tech related news or articles.
                3. Be excellent to each other!
                4. Mod approved content bots can post up to 10 articles per day.
                5. Threads asking for personal tech support may be deleted.
                6. Politics threads may be removed.
                7. No memes allowed as posts, OK to post as comments.
                8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
                9. Check for duplicates before posting, duplicates may be removed
                10. Accounts 7 days and younger will have their posts automatically removed.

                Approved Bots


                • @L4s@lemmy.world
                • @autotldr@lemmings.world
                • @PipedLinkBot@feddit.rocks
                • @wikibot@lemmy.world
                Visibility: Public

                This community is visible to everyone.

                • 0 users / Day
                • 8.3K users / Week
                • 12.1K users / Month
                • 12.2K users / 6 months
                • 931 posts
                • 17.3K comments
                • 1 local subscriber
                • 86K subscribers
                • Mods:
                • L3s@lemmy.world
                • BE: 1.0.0-beta.1
                • Modlog
                • Legal
                • Instances
                • Docs
                • Code
                • join-lemmy.org