NSA's crummy crypto crop Suite B binned, and other network nuggets

Over at the Internet Engineering Task Force, a notorious piece of history is being consigned to... well, history. This Request for Comment, RFC 8423, reassigns a bunch of specs that were authored or co-authored by American intel bods at the National Security Agency (NSA) to "Historic Status". The RFCs in question are the NSA' …

  1. Malcolm Weir Silver badge

    The Suite B news is ripe for confusion!

    Suite B also includes AES, SHA-2, ECDH, and ECDSA.

    None of which are being retired.

    Mostly what's happening is a renaming of a bunch of stuff that was in Suite B to CNSA. It's still AES, ECDSA, SHA-2, etc.... but now with a shiny new name.

    And for the record, I've not heard anyone (without their own tin foil hat) suggest that e.g. AES is nobbled.

    1. Michael Wojcik Silver badge

      CNSA did make some changes, notably reclassifying RSA and other algorithms so they were still allowed, and retreating from PFS. It's significantly different from Suite B.

      But, yes, the article is rather misleading. Most of the algorithms endorsed by Suite B and CNSA are not "NSA specs". And the NSA's "run away from ECC!" panic that led to the replacement of Suite B was largely ignored (for practical purposes, even if it excited a lot of discussion) outside the Federal government.

      It's also hard to see how "[m]oving the RFCs to historical status formalises the death of the suite". Suite B is a NIST specification. All the IETF have done is updated their endorsement to bring it into line with NIST.

  2. Version 1.0 Silver badge

    Is AES nobbled?

    Probably not, given that the NSA recommend it and use it themselves ... but if you wanted to convince everyone that it was safe - then isn't that exactly what you would do?

    Realistically, regardless of whether it's cracked or not, it's currently safe enough commercially assuming that you're not doing anything that the NSA might be interested in - and if you are playing around in areas that the NSA think are naughty then it would be a red flag to not use it so let's keep using it.

  3. An nonymous Cowerd

    everyone's doing something that one day might be needed by the 5-eyes

    from Tony Blair, (Miranda, really?)

    to Corbyn (this week's made-up stuff)

    that's what total information awareness gets you, pervasive storage, Xkeyscore LUT

    Now, what's this about Linux kernel crypto????

    https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/

    it’s not a backdoor in your PC, just very weak encryption that your PC might choose to use, although those sensible crypto engineers at the International Standards Organisation (ISO) rejected the code due to their backdoor concerns. Not many other trusty OS’s are available . . .
