> On 08 Mar 2017, at 01:33, Hanno Böck <[email protected]> wrote:
>
> On Tue, 7 Mar 2017 15:11:03 +0000
> Aaron Zauner <[email protected]> wrote:
>
>> For review:
>> https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20TOP%20SECRET.pdf
>
> The document contains a lot of outdated advice.
>
> E.g.:
>
> "(S//NF) Confidentiality must be provided by AES, Serpent, Twofish,
> Blowfish, 3DES, or RC4 with a minimum key size of 128 bits. Block
> ciphers must be operated in Galois/Counter Mode (GCM), Counter Mode
> (CTR), or Cipher Block Chaining Mode (CBC). If RC4 is used, at least
> the first 1024 bytes of the cryptostream must be discarded and may not be used."
>
Yeah, it's not really up to date. I guess purging the first 1024 bytes in the bitstream of RC4 would make bias attacks far harder as the biases are at the beginning of the stream. In general this seems to be stupid advice, though.

I haven't seen any Suite A ciphers mentioned - so I think they're still only used by NSA for satcom / classified networks et cetera, everything else seems to use Suite B-based crypto.

The leaks also contain discussion about Equation Group and choices of ciphers for CNC/exfil - apparently NSA recommended a weird internal crypto lib that the intelligence community was using for quite a while and was easy to detect because of certain parameters and especially algorithm choices: https://wikileaks.org/ciav7p1/cms/page_14588809.html

Aaron
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
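The keystream bias the reply refers to can be measured directly; the following is an added example written for this archive page, not code from the thread or from the quoted document. It counts, over constructed random 128-bit keys (the document's minimum key size), how often the second RC4 keystream byte is 0x00 with and without the 1024-byte drop the requirements call for; the well-known Mantin-Shamir result predicts about 1/128 for the undropped stream against the 1/256 an ideal stream would give.

```python
"""Measure the RC4 second-byte keystream bias before and after a 1024-byte drop.

Constructed example: random 128-bit keys, counting how often the keystream byte
at a given index equals 0x00. Index 1 (the second output byte) is expected to
hit 0x00 about 1/128 of the time; after discarding 1024 bytes the rate should
fall back to roughly 1/256.
"""
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for key (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def zero_rate_at(index: int, n_keys: int, seed: int = 2017) -> float:
    """Fraction of random 128-bit keys whose keystream byte at `index` is 0x00."""
    rng = random.Random(seed)  # fixed seed so the measurement is reproducible
    zeros = 0
    for _ in range(n_keys):
        key = bytes(rng.getrandbits(8) for _ in range(16))  # constructed 128-bit key
        if rc4_keystream(key, index + 1)[index] == 0:
            zeros += 1
    return zeros / n_keys


if __name__ == "__main__":
    early = zero_rate_at(1, 12000)      # second byte, nothing discarded
    dropped = zero_rate_at(1025, 3000)  # second byte after dropping the first 1024
    print(f"Pr[Z_2 == 0], no drop    : {early:.4f}  (ideal {1/256:.4f}, biased ~{1/128:.4f})")
    print(f"Pr[Z_1026 == 0], drop-1024: {dropped:.4f}")
```

The drop removes this particular early bias, which is the only thing the quoted requirement addresses; it does nothing about the keystream biases that persist deeper into the stream, which is why the advice reads as outdated rather than as a fix.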
