Even a cursory glance through our reviews will show that Advanced Encryption Standard (AES) cyphers, often backed up with SHA (usually SHA-1 but sometimes SHA-2) hash functions, are the ‘go-to’ encryption standards used by just about every security-conscious VPN provider.
The thing about these standards, however, is that they were developed and certified by the United States National Institute of Standards and Technology (NIST). In the wake of Edward Snowden’s evidence that the NSA has been deliberately weakening and manipulating encryption standards for years, and the fact that NIST has admitted to working closely with the NSA in the development of its cyphers, many have begun to question the integrity of its algorithms.
Although NIST has been quick to deny any wrongdoing (‘NIST would not deliberately weaken a cryptographic standard’), and has invited public participation in a number of upcoming proposed encryption-related standards in a move designed to bolster public confidence, the New York Times has accused the NSA of circumventing the NIST-approved encryption standards by either introducing undetectable backdoors, or subverting the public development process to weaken the algorithms.
This distrust was further bolstered on September 17, when RSA Security (a division of EMC) privately told customers to stop using an encryption algorithm that reportedly contains a flaw engineered by the National Security Agency.
Furthermore, Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an encryption standard engineered by NIST, and one that has been known to be insecure for years, with the Eindhoven University of Technology in the Netherlands noting in 2006 that an attack against it was easy enough to launch on ‘an ordinary PC’, and Microsoft engineers flagging up a suspected backdoor in the algorithm. Despite these concerns, however, where NIST leads, industry will follow, and Microsoft, Cisco, Symantec and RSA all include the algorithm in their products’ cryptographic libraries, in large part due to the fact that compliance with NIST standards is a prerequisite to obtaining US government contracts.
It comes as little surprise, then, that cryptographic experts have begun to express a desire to move away from NIST-developed and certified standards. Leading the charge is Silent Circle, the company that shut down its Silent Mail service because, in the wake of Lavabit’s closure, it felt that it could no longer guarantee its customers’ privacy.
In a blog post on Monday, Silent Circle CTO Jon Callas said,
‘We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement. We are going to replace our use of the SHA-2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense.’
Silent Circle also plans to move away from P-384 elliptic curve technology, which has been heavily promoted by NIST:
‘If the Suite B curves are intentionally bad, this would be a major breach of trust and credibility. Even in a passive case — where the curves were thought to be good, but NSA cryptanalysts found weaknesses they have since exploited — it would create a credibility gap of the highest order, and would be the smoking gun that confirms the Guardian articles’.
Callas describes this move as a ‘decision of conscience. Our primary responsibility is to protect our customers, especially in the face of uncertainty.’
*At the time of publishing, links to NIST’s website are dead thanks to the US government shutdown.