Silent Circle will “move on” from NSA-associated encryption standards, but is that necessary?
SKEIN hash replaces SHA-2
Twofish cipher replaces AES
Note: AES has the weakest safety factor of all the 5 candidates in the NIST competition – a safety factor of only 1.11… ie almost a broken cipher.
Schneier wrote 13 years ago that a safety factor of 2 was an absolute minimum.
Twofish offers a safety factor of 2.6
Serpent offers a safety factor of 3.6
Any cipher coauthored by Schneier seems “approved” as safe.
The secure communications provider Silent Circle is pretty upset about the apparent betrayal of the cryptographic community by the NSA, so it’s moving away from encryption standards that the intelligence agency helped develop.
Silent Circle, co-founded by PGP author Phil Zimmermann, provides encrypted mobile and desktop voice and text services for personal and enterprise use. In a blog post on Monday, the company said it would soon adopt new defaults to replace certain widely-used standards that came out of the U.S. National Institute of Standards and Technology (NIST) with the co-operation or guidance of NSA representatives.
While NIST is a highly-respected standards body, it was recently forced to advise against the use of its own Dual_EC_DRBG random number generator after Edward Snowden’s leaks suggested it had been subverted by NSA representatives involved in the standardization process. Long story short: the NSA seems to have set constants in…
View original post 670 more words