[CentOS] Can we trust Red Hat encryption tools?

Thu Jan 9 22:59:54 UTC 2014
Robert Moskowitz <rgm at htt-consult.com>

On 01/09/2014 05:37 PM, Les Mikesell wrote:
> On Thu, Jan 9, 2014 at 4:32 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>>> I always just assumed that blowfish was good precisely because it
>>> wasn't the one that was recommended/promoted by the groups likely to
>>> be compromised.   But, I try to stay out of politics so I don't worry
>>> much about keeping secrets anyway.
>> Bruce's twofish was better; it was his AES submission.
> But didn't that come later?  With nothing else to go on, that would
> make me think that it is more likely to have been influenced by
> whatever means corrupted the others.

It was back in the heady days of finding a replacement for DES and 
3DES.  Rivest had his RC5 (there are calls again for a streaming cipher, 
and NIST may well 'pick' one this year).  Kennedy had SAFER+ (used in 
Bluetooth, but SAFER+ was eliminated for AES because it was highly 
dependent on your RNG.  Ask Bluetooth vendors about their RNG).

The peer review was brutal.  Bruce himself will admit to issues found 
surrounding Twofish.  Some question the changes NSA had made with 
Rijndael, but again, massive peer review.  And you see that review 
regularly.  We wanted the GCM mode of operation for IEEE 802.1AE, and 
NSA offered some tweaks to tighten it up.  Just a bit before, (grumble, 
what was the prof's name) had made the same recommendation.  The big 
things they help with.  There is too much public review and too many 
profs looking for research for their students (which is why we are 
moving away from SHA1, even though further work is showing it to be 
stronger than we thought).  It is the subtle things around the use of 
the algorithms and protocols that they go after.