Re: [gnueval-security] [Richard Stallman] evaluating an encryption progr
From: Christian Grothoff
Subject: Re: [gnueval-security] [Richard Stallman] evaluating an encryption program
Date: Mon, 25 Nov 2013 23:10:21 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10

Hi!

Aside from the usual caveats (NTRU is peer-reviewed, but still rather
new and comparatively untested; there is also the probabilistic
decryption mentioned already by Stephen), and some obvious disadvantages
(huge key size, limited availability), I don't know that there is a
clear security reason for -not- using it. However, as long as quantum
cryptanalysis (not quantum computing with a handful of bits) is not
real, it is unclear if NTRU is actually going to be stronger than say a
good curve. NTRU is better against a system that is hypothetical today.
Experts I talked to said that there is a 10% chance that they are real
in 10-30 years --- and an 89% chance that they won't ever be real.

So the real question is if the GNU packages using NTRU should be trying
to prepare for the 10% chance in 10-30 years. MOST should probably not
do this. A few crypto libraries (libgcrypt, nettle, GnuPG) may (!) put
this on their medium-term feature list, but any "normal" package should
not touch this IMO -- they're much more likely to have security issues
elsewhere.

My 2 cents

Christian

On 11/24/13 21:07, Brandon Invergo wrote:
> Hi guys,
>
> From rms:
>
>> Could you please ask people to look at
>> https://github.com/NTRUOpenSourceProject/ntru-crypto/ and judge
>> whether it is good for us to use?
>
>> They are not considering making it a GNU package, and I doubt that
>> they ever will; but we might want GNU packages to use it, and that's
>> the question I'd like people to study.
>> Please report back to me after you've come to some conclusion.
>
> Can someone look into it for us?
>
> Thanks!
> Brandon
>