Talk:Advanced Encryption Standard: Difference between revisions
imported>Sandy Harris m (Talk:Advanced Encryption System moved to Talk:Advanced Encryption Standard: use correct name)
imported>Howard C. Berkowitz (→The process and the open approach remain important: new section)
Revision as of 09:34, 27 October 2008
The process and the open approach remain important
Noticing that you moved the technical content to block cipher, it still makes sense to have this, perhaps more focused on the process of open review and the alternatives. This sort of thing might be in a more general policy article rather than AES, or AES selection and policy could be a subarticle.
DES selection, of course, was quite different. While it's U.S.-specific, there was a very interesting Congressional oversight response to concerns that NSA had weakened the DES key length, perhaps to give them a back door within their computing power but not of others. An NSA oversight body of the time, the Senate Intelligence Committee, set up a panel of cleared academic experts to deliver a classified report and open recommendations to them. The public report said, apparently accurately, that there was no back door, but carefully said nothing about differential cryptanalysis.
Open review of encryption algorithms, I personally believe, is wise, but I also believe that the Senate action was a prototype for balancing legitimate security needs against legitimate oversight needs. In the present warrantless interception matter, it does not appear Congress has gotten adequate briefings, and/or has been allowed to have independent experts evaluate not the legalities, but the probability of the program obtaining useful information at the cost of privacy. Howard C. Berkowitz 15:33, 27 October 2008 (UTC)