Replying to Cyph3rp9nk

The robustness of a cryptographic protocol is based on knowing what the algorithm does, making it public and having it tested, like a peer review but in real life.

The more times attacks on a cryptographic protocol have been attempted and have failed, the more valid it is to be used in production.

Right now there are accusations that the NSA and NIST are hiding the development of new post-quantum cryptographic protocols.

"Daniel Bernstein at the University of Illinois Chicago says that the US National Institute of Standards and Technology (NIST) is deliberately obscuring the level of involvement the US National Security Agency (NSA) has in developing new encryption standards for “post-quantum cryptography” (PQC). He also believes that NIST has made errors – either accidental or deliberate – in calculations describing the security of the new standards. NIST denies the claims."

“NIST isn’t following procedures designed to stop NSA from weakening PQC,” says Bernstein. “People choosing cryptographic standards should be transparently and verifiably following clear public rules so that we don’t need to worry about their motivations. NIST promised transparency and then claimed it had shown all its work, but that claim simply isn’t true.”

The key here is that NIST will approve them for use in industry, industry will accept them because oh my god, the quantum age has arrived, and they will discard secure algorithms for insecure and poorly tested algorithms, a perfect strategy.

Quantum computing is currently a fallacy, just like fusion energy; it is just a public money grabber.

On the other hand, it was recently discovered in the Snowden papers that Cavium, which was then one of the main manufacturers of cryptographic coprocessors for VPN devices, had a backdoor introduced by the NSA in its chips. These chips were used for years by most manufacturers, such as Cisco.

And some still recommend hardware wallets with secure elements that are closed source 😂.

Robust cryptography can only and only be open source, you understand? From the beginning to the end.

Aren’t all current secure elements closed source? Open one in development? What would you recommend instead?


Discussion

Indeed, the secure elements are closed source; however, Trezor is developing an open source secure element called Tropic.

On the other hand, there is an alternative solution, which is the one used by Coldcard, with several secure elements, in this case two that do not trust each other.