Ian, thanks for sharing your very interesting point of view.

General question to this mailing list: is there a public archive available? At Apache, we use Markmail - e.g. http://markmail.org/search/?q=Couchdb . It's very nice to be able to search the ML and also to share some info - if it is not protected, but that should be on a private list anyway.

Thanks

Andy

On 2 September 2015 at 17:45, ianG <[email protected]> wrote:

> On 2/09/2015 12:43 pm, Alan Orth wrote:
>
>> I'm not sure if you folks saw this, but a few weeks ago the NSA updated
>> their Suite B recommendations. They now recommend AES-256, curve P-384,
>> and SHA-384. Here's a before and after of their "Suite B" cryptography
>> recommendations:
>>
>> Before (web archive):
>>
>> https://web.archive.org/web/20150403110658/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
>>
>> After:
>>
>> https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
>>
>> Now you need to decide for yourself if this is worth updating your
>> infrastructure configuration. :)
>
> My understanding of the facts (?) is this.
>
> 1. NSA has a mandate to protect USG agencies. It also has a mission to
> breach everyone (else), but let's ignore that for the moment.
>
> 2. NSA knows more about quantum than anyone else, in the sense that it
> has the budget to know, and has been spending that budget.
>
> 3. (We suspect) NSA is worried about quantum.
>
> 4. NSA guidelines protect out to 25 years. So if NSA can't rule out a
> quantum attack in the 25-year++ horizon, then they have to protect against
> a quantum attack.
>
> 5. Current understanding is that a quantum attack reduces the
> bit-strength of an algorithm by the square root - much like a birthday
> attack.
>
> 6. So in essence, take previous minimum strengths (128, etc.) and double
> (to baseline 256, etc.).
>
> So, what does this mean for everyone else? Not a lot.
>
> The problem is that NSA is mandated to protect US government agencies and
> not the rest of the world. Following standard threat modelling, they built
> their list of threats, not your list of threats. Their list of threats
> includes a very well funded Chinese / Russian attack. E.g., a state-of-the-art,
> monster-grade quantum supercomputer. Which is only going to be used
> against the juiciest of targets - the USA. Let's call this the Bletchley
> Park Attack.
>
> Our list of threats doesn't include that computer. Because, if any
> government wants our data, they'll spend $1000 to hire a local thief, not
> $1000000000 to deploy their monster machine on us.
>
> The NSA, by its own methodology and logic and customer, cannot afford to
> be wrong on this. We can afford to wait, and we can afford to be wrong.
> Wait and see. When ordinary people (botnet operators) can buy quantum
> computers that can crack keys, we'll know about it.
>
> iang
>
> ps; the key flaw in this debate is this: using someone else's threat
> model and not realising it's wrong for you. A common failing.
>
> _______________________________________________
> Ach mailing list
> [email protected]
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

--
Andy Wenk
Hamburg - Germany
RockIt!

http://www.couchdb-buch.de
http://www.pg-praxisbuch.de

GPG fingerprint: C044 8322 9E12 1483 4FEC 9452 B65D 6BE3 9ED3 9588
https://people.apache.org/keys/committer/andywenk.asc
