this post was submitted on 13 Oct 2023
572 points (98.6% liked)

Technology

71716 readers
3316 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
572
Mathematician warns US spies may be weakening next-gen encryption (www.newscientist.com)
submitted 2 years ago by RobotToaster@mander.xyz to c/technology@lemmy.world
44 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] otter@lemmy.ca 199 points 2 years ago (14 children)

Relevant bit for those that don't click through:

Daniel Bernstein at the University of Illinois Chicago says that the US National Institute of Standards and Technology (NIST) is deliberately obscuring the level of involvement the US National Security Agency (NSA) has in developing new encryption standards for “post-quantum cryptography” (PQC). He also believes that NIST has made errors – either accidental or deliberate – in calculations describing the security of the new standards. NIST denies the claims.

“NIST isn’t following procedures designed to stop NSA from weakening PQC,” says Bernstein. “People choosing cryptographic standards should be transparently and verifiably following clear public rules so that we don’t need to worry about their motivations. NIST promised transparency and then claimed it had shown all its work, but that claim simply isn’t true.”

Also, is this the same Daniel Bernstein from the 95' ruling?

The export of cryptography from the United States was controlled as a munition starting from the Cold War until recategorization in 1996, with further relaxation in the late 1990s.[6] In 1995, Bernstein brought the court case Bernstein v. United States. The ruling in the case declared that software was protected speech under the First Amendment, which contributed to regulatory changes reducing controls on encryption.[7] Bernstein was originally represented by the Electronic Frontier Foundation.[8] He later represented himself.[9]

source; https://en.wikipedia.org/wiki/Daniel_J._Bernstein

[–] spaxxor@lemmy.world 34 points 2 years ago* (last edited 2 years ago) (4 children)

Sadly not new. The USA considers encryption to be a weapon of war (thanks Germany), so they do whatever they can to interfere with it. If you are making a new encryption scheme it will be illegal if the government doesn't have an easy way to break it.

Edit: the guy that made pgp got in a stink with the government if memory serves they tried to bop him with something to do with itar.

[–] Touching_Grass@lemmy.world 15 points 2 years ago* (last edited 2 years ago) (1 children)

I have a pet theory that a lot of our passionate "movements" that get us all angry and upset are only those movements that benefit someone powerful.

I see stuff like this and think, "well that's another coin in that jar"

Like this should piss so many people off. Its something enough people know about. It's something that you would think would have all kinds of groups up in arms about. Like ask any self respecting 2A enthusiasts if the government should keep skeleton key to every lock in their house.

But at least there is Daniel Bernstein

[–] guacupado@lemmy.world 2 points 2 years ago (1 children)

I, too, just finished watching Rabbithole.

[–] Touching_Grass@lemmy.world 2 points 2 years ago

Confused Kiefer Sutherland noises

[–] otter@lemmy.ca 7 points 2 years ago* (last edited 2 years ago)

it will be illegal if the government doesn’t have an easy way to break it

Aren't there a lot of existing standards already can't be broken easily (by anyone)? That's why we have all these recent attempts to force backdoors into encrypted apps

Or is it just extra scrutiny if you're trying to make a new one

[–] Blackmist@feddit.uk 4 points 2 years ago (1 children)

They seem to have calmed that down in recent years, and rely on the dumb public to store all their secrets on readily accessible corporate servers.

The maths war is hard to win (bigger keys handle most of that), and I honestly doubt most current encryption can be beaten reliably even with quantum computing.

[–] Restaldt@lemm.ee 3 points 2 years ago

Ive never understood how the same crowd that spouts not your keys not your crypto would ever trust any password manager they havent personally read the source code for/compiled/self hosted.

Not your server not your safe/secure password

[–] RangerAndTheCat@lemmy.world 1 points 2 years ago

Didn’t the same thing happen with TrueCrypt?

load more comments (9 replies)