Obviously, the goal of encryption is to keep a channel of communication private by preventing eavesdroppers from clearly understanding what is going on.  Granted, they will still be able to hear/read the communication, but it will be garbled to the point where it doesn’t make any sense.  So when a new encryption standard came out, some people were happy about the new robust measures, but is is really something to celebrate?  With the whole idea that the NSA has a backdoor through this new encryption standard, what will make you communications private? Honestly, why would hackers or eavesdroppers try to crack the cipher on their own when they know there is a solution already available at the NSA…

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

Generating random numbers isn’t easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator. Another paper found flaws in the Linux random-number generator. Back in 1996, an early version of SSL was broken because of flaws in its random-number generator. With John Kelsey and Niels Ferguson in 1999, I co-authored Yarrow, a random-number generator based on our own cryptanalysis work. I improved this design four years later — and renamed it Fortuna — in the book Practical Cryptography, which I co-authored with Ferguson.[more]

Tags: Encryption