Want To Avoid NSA-Corrupted Crypto? Get Thee To The Geeks

If you break something, you almost always pay a price. Or die before you have to.

The NSA broke encryption algorithms and shoved them out into the world, harming the security of the Internet in general, according to reports. Super slow clap there. But what price will the intelligence agency pay?

It doesn’t care too much about being widely despised. It has always been thus, no? The biggest price will be the degradation of its ability to intercept and decode messages. That’s because anyone who really cares about privacy will never trust anything the NSA puts its mitts on.

That is why Silent Circle, co-founded by PGP legend Phil Zimmerman, is working with insanely smart mathematicians to forge new methods for elliptic curve cryptography.

Moving on from NSA-approved encryption

In a fantastically anti-establishment blog post (one which quotes musician Richard Thompson and fantasy writer James Branch Cabell), Silent Circle’s other co-founder Jon Callas fretted about pieces of cryptography the NSA is believed to have toyed with – Dual Elliptic Curve Deterministic Random Bit Generation and elliptic curve mathematics in NSA Suite B.

The NSA was accused of subverting encryption standards and having them delivered to the world via the National Institute of Standards and Technology (NIST). Silent Circle’s answer to this, Callas said, is to implement a non-NIST cipher suite.

It said it would be replacing its use of AES with a different cipher called Twofish, a symmetric key block cipher that was never adopted as a standard. It will also stop using the SHA-2 hashing algorithms, instead using Skein, which Callas helped design. But the most exciting thing is that it is working on fresh approaches to elliptic curve cryptography, which it will be sharing with the world in the “relatively near future”.

“The old cipher suites will remain in our systems. We’re not going to get rid of them, but the new ones will be the default in our services,” Callas added. “We understand there are gentlepersons who will disagree with our decision, so we’re not completely getting rid of the existing crypto.

“It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims the NSA’s perfidy, along with the rest of the free world.”

Schneier would be impressed

This is exactly the kind of response to the NSA leaks that fellow crypto hero Bruce Schneier, who helped design the Twofish cipher, was calling for. Engineers, removed as far as possible from government, are the ones who can now create and spread ciphers as far and wide as possible, making the Internet secure again.

If they can create new forms of the NSA’s much-beloved elliptic curve cryptography – which is based on the extreme difficulty of finding the “discrete logarithm” of some randomly chosen point on an elliptic curve – the likes of Silent Circle will no doubt be laughing their backsides off.

But Silent Circle remains a small organisation, one that gains a lot of money from private businesses and public sector organisations. To get us to the point where Schneier and many others want us (i.e. where encryption can be trusted again), all vendors with a privacy conscience should either follow in the footsteps of Zimmerman and Callas or get in their own crypto geeks to implement non-standardised encryption, sharing it with whomever they choose.

The answer for those who want to avoid the NSA’s all-seeing eyes, it seems, is for organisations to stop treating encryption as some esoteric art, embrace it and support as many forms as possible. Want to do it right? Do it yourself, or get yourself a geek.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

23 mins ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

17 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

20 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

21 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

22 hours ago