Menu
Silent Circle moves away from NIST cryptographic standards, cites uncertainty

Silent Circle moves away from NIST cryptographic standards, cites uncertainty

The company plans to replace AES and SHA-2 with Twofish and Skein in its encrypted communication services

The U.S. National Security Agency's reported efforts to weaken encryption standards have prompted an encrypted communications company to move away from cryptographic algorithms sanctioned by the U.S. National Institute of Standards and Technology (NIST).

Silent Circle, a provider of encrypted mobile Voice over Internet Protocol (VoIP) and text messaging apps and services, will stop using the Advanced Encryption Standard (AES) cipher and Secure Hash Algorithm 2 (SHA-2) hash functions as default cryptographic algorithms in its products.

"We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement," Silent Circle CTO Jon Callas said Monday in a blog post. "We are going to replace our use of the SHA-2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense."

The company also plans to stop using P-384, one of the elliptic curves recommended by the NIST for use in elliptic curve cryptography (ECC).

The NSA has long been a supporter of ECC, an approach to public-key cryptography based on the arithmetic of elliptic curves, arguing that it is more secure and offers better performance than traditional public-key cryptography schemes. P-384 is one of the elliptic curves used in Suite B, a set of cryptographic algorithms used for encryption, key exchange, digital signatures and hashing that was selected by the NSA for use when handling classified information.

Silent Circle plans to replace the P-384 elliptic curve with one or more curves that are being designed by cryptographers Daniel Bernstein and Tanja Lange, who have argued in the past that Suite B elliptic curves are weak.

"If the Suite B curves are intentionally bad, this would be a major breach of trust and credibility," Callas said. "Even in a passive case -- where the curves were thought to be good, but NSA cryptanalysts found weaknesses they have since exploited -- it would create a credibility gap of the highest order, and would be the smoking gun that confirms the Guardian articles."

The New York Times and the Guardian newspapers reported last month, based on documents leaked by former NSA contractor Edward Snowden, that the NSA has used its influence to weaken an encryption standard published by the NIST in 2006.

That standard is the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), a secure pseudo-random number generator (PRNG) that's based on the elliptic curve discrete logarithm problem. PRNGs play an important role in many aspects of cryptography, and a vulnerability in one of them could undermine the whole security of a cryptographic system that uses it.

Researchers have warned since 2007 that Dual_EC_DRBG has a serious weakness, but some companies have implemented it in their encryption products anyway because it was a NIST recommendation.

Following the recent reports about the NSA weakening this standard, the NIST reopened Special Publication 800-90A, which includes the Dual_EC_DRBG specification, for public comments. The organization also denied that it would deliberately weaken a cryptographic standard.

However, the harm to the NIST's reputation seems already to have been done.

RSA, the security division of EMC, has since advised customers that its BSAFE cryptographic libraries and its Data Protection Manager products have been using Dual_EC_DRBG by default and strongly recommended that they switch to a different PRNG using instructions in the product documentation.

Silent Circle's new decision to move away from AES, SHA-2 and the P-384 curve doesn't mean that these standards are insecure, Callas said in the blog post. "It doesn't mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA's perfidy, along with the rest of the free world. For us, the spell is broken. We're just moving on."

The company still plans to support the NIST-sanctioned algorithms in its services, but they won't be the default choice anymore.

Asked why Twofish and Skein in particular were chosen to be the new default choices for Silent Circle's products, Callas said via email that both algorithms come from trusted sources, including himself in the case of Skein.

Twofish was a finalist in the NIST's selection of the AES cipher, and the team that developed it included people that Silent Circle's co-founders personally know and trust, he said. "A number of the same people produced Skein -- which was a SHA-3 finalist -- and I am a member of the Skein team."

For Silent Circle this was a "decision of conscience," Callas said. "Our primary responsibility is to protect our customers, especially in the face of uncertainty."

However, Callas doesn't think other vendors necessarily should follow suit and move away from NIST cryptographic standards.

"I wouldn't fault anyone for deciding differently," he said. "We need more of the world coming together with security and respecting each other's decisions even if we make different decisions and do different things. If someone decides to stay the course, I respect that."

"That's also why we're going to allow customers to use the old algorithms," Callas said. "We respect their personal decisions, too."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityencryptionrsa securitySilent Circle

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments