On 01/09/2014 04:55 PM, John R Pierce wrote:
> On 1/9/2014 1:27 PM, Kanwar Ranbir Sandhu wrote:
>> I think everyone should assume the entire ecosystem is compromised and
>> shouldn't trust anything. Code should be reviewed and bugs/weaknesses
>> removed IMMEDIATELY. The problem is obviously not everyone is a
>> programmer and not everyone will have the knowledge to understand how to
>> fix/improve the security issues. Of course, some software is still
>> good, but who's going to verify that and when? If you don't use free
>> software, you're a goner because now you have no ability whatsoever to
>> audit the code!
>
> I've programmed for 40 years, and I don't understand encryption
> algorithms nor can I evaluate their strengths and weaknesses. I know
> very few programmers who can. None personally, in fact.

I work with real cryptographers. I do not consider myself one. I am a crypto protocol designer; a different breed. You basically trust the math and the arguments put forward by the real cryptographers. There is LOTS of public review and comment. But we recognize that the largest employer of mathematicians is the NSA. If there is an exploitable lever, they will know about it before we will; I have real experience with this back with IPsec and the implicit IV ESP proposal.

So some programmer has to take the math for the crypto algorithms and implement it correctly. In many cases, this ends up being done at least in firmware, and in some cases actual chips (I work mostly, these days, with sensors). Then you have to trust the likes of me to design the crypto protocol right. There are lots of subtle traps here; I have the scars to show it. Then programmers again have to take our crypto protocols and do them right.... You get the picture.

If you do not trust the NIST (read NSA) EC curves, you have two choices. Dan Bernstein's curves (Dan is a long-time anti guy, and Bruce Schneier is a long-time friend of Dan, and me). Or the Brainpool curves; they are published in an RFC (seems good to me, and I have heard some good references on their work). But really, the NIST curves have been under extensive review. They are used both by the govs and banking; NSA knows if they can figure out weaknesses, so can other large gov-funded math teams. The big event was the RNG that NSA had added, and the public community came down on it almost from the get-go.

You want to talk about leaky code? Look how corporate mail proxies work to enable them to read encrypted emails. Simple lying about certs.