posted by janrinok on Monday June 23 2014, @08:13PM
from the who-would-have-trusted-them-if-it-hadn't-been-opened? dept.
Cisco is offering up an experimental cipher which, among other things, could help preserve the anonymity of data in cloud environments. In putting what it calls "FNR" (Flexible Naor and Reingold) into the hands of the public (http://blogs.cisco.com/security/open-sourcing-fnr-an-experimental-block-cipher/), Cisco says its work is currently experimental rather than production software.
The FNR specification, described here (http://eprint.iacr.org/2014/421.pdf) (PDF), explains that privacy of fixed-length fields (such as those collected in NetFlow formats) is an emerging challenge for cloud providers, who collect lots of telemetry for analysis and don't want to change their field formats to encrypt the information.
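To make the "encrypt without changing the field format" idea concrete, here is an added example that is not part of the original post and is not FNR or Cisco's code: a plain balanced Feistel network with an HMAC-SHA256 round function that permutes a fixed-width integer field, so a 32-bit IPv4 address encrypts to another 32-bit IPv4 address. The function names, the round count and the sample key and addresses are assumptions made for this sketch.

```python
import hashlib
import hmac
import ipaddress

ROUNDS = 8  # assumption for this sketch, not an analysed parameter


def _round(key: bytes, rnd: int, half: int, out_bits: int) -> int:
    """Keyed round function: HMAC-SHA256 of (round index, half), truncated."""
    msg = bytes([rnd]) + half.to_bytes(16, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << out_bits) - 1)


def _split(value: int, bits: int):
    """Validate the field and split it into two equal halves."""
    if bits % 2 or not 0 <= value < (1 << bits):
        raise ValueError("need an even field width and a value that fits it")
    h = bits // 2
    return h, value >> h, value & ((1 << h) - 1)


def encrypt_field(key: bytes, value: int, bits: int) -> int:
    """Permute a `bits`-wide integer; the result fits the same field."""
    h, left, right = _split(value, bits)
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right, h)
    return (left << h) | right


def decrypt_field(key: bytes, value: int, bits: int) -> int:
    """Undo encrypt_field by running the rounds in reverse order."""
    h, left, right = _split(value, bits)
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left, h), left
    return (left << h) | right


def pseudonymize_ipv4(key: bytes, addr: str) -> str:
    """Encrypt an IPv4 address so the result is still a dotted quad."""
    n = int(ipaddress.IPv4Address(addr))
    return str(ipaddress.IPv4Address(encrypt_field(key, n, 32)))


def recover_ipv4(key: bytes, addr: str) -> str:
    """Map a pseudonymized address back to the original."""
    n = int(ipaddress.IPv4Address(addr))
    return str(ipaddress.IPv4Address(decrypt_field(key, n, 32)))


if __name__ == "__main__":
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    for src in ("192.0.2.10", "198.51.100.7"):  # constructed sample addresses
        enc = pseudonymize_ipv4(key, src)
        print(src, "->", enc, "->", recover_ipv4(key, enc))
```

The mapping is deterministic: equal inputs give equal outputs, which keeps telemetry joinable but also leaves value frequencies visible to whoever holds the encrypted records.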
Open Sourcing FNR an Experimental Block Cipher
(Score: 1) by cyrano on Monday June 23 2014, @08:51PM
Well, look who's mad at the NSA. It's beginning to look like their allies are running, fast.
The quieter you become, the more you are able to hear. - Kali [kali.org]
(Score: 3, Informative) by opinionated_science on Monday June 23 2014, @09:00PM
Maybe, but I would not trust a cipher until it has been vetted by the mathematicians(!). The implementation also needs to be vetted by CS experts, but the basis for encryption is mathematical, not computational.
This is why backdoors are often subtle inhomogeneities in external information (e.g. bad random numbers, incorrect primes, special constants). Since ultimately all mathematics is blind to the data, the data carries its own baggage!!!
(Score: 1) by cyrano on Monday June 23 2014, @09:31PM
What they are trying to do is implement flexible Naor and Reingold in a very safe way, building on vetted fundaments (Feistel).
Naor and Reingold have been proven by mathematicians and by open sourcing everything, the implementation can be audited by anyone.
The quieter you become, the more you are able to hear. - Kali [kali.org]
(Score: 2) by juggs on Tuesday June 24 2014, @05:31AM
Wonderful, the implementation can be audited. Doesn't really help if the unencrypted payload is being snarfed by some evil chippery before hitting the encryption algorithm.
And from there it's turtles all the way down maaaan! :D
(Score: 1, Insightful) by Anonymous Coward on Monday June 23 2014, @09:04PM
It still won't win back the trust of people, or, more importantly, the big non-US corporations that are looking for alternatives to the United States Intelligence Machine.
(Score: 3, Interesting) by d on Monday June 23 2014, @09:09PM
Is this patented? If yes, I don't even want to hear about it.
(Score: 0) by Anonymous Coward on Tuesday June 24 2014, @01:56AM
They released it under LGPLv2, which states:
(Score: 2) by Open4D on Tuesday June 24 2014, @01:13PM
Interesting. But if Cisco offers other people a certain licence to some software, on the condition that the licensees don't abuse relevant patents, does that condition also apply to Cisco, the licensor?
(Score: 2) by etherscythe on Tuesday June 24 2014, @07:51PM
Theoretically, perhaps. Realistically, Cisco will never sue Cisco over it, which is the enforcement mechanism. They're not quite as dumb as Sony [upenn.edu] (yet?)
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by stormwyrm on Tuesday June 24 2014, @01:53AM
Why should I use FNR instead of AES/Rijndael or a stream cipher derived from it if I really needed to encrypt arbitrarily small pieces of data smaller than the 128-bit block size? Who invented it, and why should I trust them? What kind of security analysis has been done on it? While AES has the blessing of the US government, it was not invented or modified by the US government, and the world's best cryptographers have had a go at it for the past sixteen years and have not found any practical attacks. An academic break is one thing, a break that can actually produce plaintext given only ciphertext with practical resources is another: all those attacks on AES published so far still require unrealistic computing resources and/or storage. Apparently this even includes the NSA's own cryptographers, else why would they have given their blessing to use it on classified information (meaning they have to use it themselves)?
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by juggs on Tuesday June 24 2014, @05:50AM
Let's think this through.
Scenario: Super-secret NSA skunkworks department breaks AES
Given that the people in the said skunkworks likely have the highest level of security clearance possible (ergo trusted to see all that encrypted classified NSA junk), what are they going to do?
A. Declare they broke AES
B. Shut the hell up and use their breakology to look at everyone's junk, including improving internal NSA "transparency" for those in the know.
At this point it seems to have got to the point of the question being "How paranoid do you want to be?". As I type this I become suddenly aware of two, what I previously assumed to be, ferrite rings moulded into my monitor cable - but are they? They're certainly large enough to contain all manner of electronic wizardry. Perhaps I'll cut them open one day in a fit of paranoid meltdown.
(Score: 0) by Anonymous Coward on Tuesday June 24 2014, @07:05AM
If the NSA was in possession of a practical break of AES and allowed the US government to use it for classified information anyway, then that would be the height of stupidity and arrogance. Do you really think that they are so stupid and arrogant as to believe that they cannot be penetrated by another foreign intelligence agency or whistleblower (FYI, they already have), or that someone, somewhere, be it the academic community or their counterparts elsewhere, will not independently discover their break? The NSA has been accused of many things, but stupid is not one of them. No, my guess is that they would have done A instead, as they did back in the days of DES, when some apparently suspicious changes they made to the DES s-boxes resulted in the algorithm actually becoming stronger.
(Score: 2) by VLM on Tuesday June 24 2014, @11:44AM
For the very specific answer, you may want to read the second paragraph of the intro in the paper which discusses that exact topic.
Your general observations are correct. The real question isn't "why use a weird unknown algo with the feature of not having to change anything else" but "why not implement a secure system". It absolutely reeks, stinks, of security as a checkbox on some bureaucrat's checklist. This would imply it's almost certain to be a failure.
The specific idea is nonetheless interesting. I suppose not being limited to 128-bit blocks adds something to steganography, precise lengths of random data look "fishy" but a random length of random data could plausibly be random... This is probably much more useful for the people embedding secret messages into exif fields in pr0n pix than to bank DBAs.