Hi Eric,

On Tue, Apr 24, 2018 at 8:16 PM, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> So, what do you propose replacing it with?

Something more cryptographically justifiable.

> outside crypto review, vs. the many cryptanalysis papers on Speck. (In that
> respect the controversy about Speck has actually become an advantage, as it has
> received much more cryptanalysis than other lightweight block ciphers.)

That's the thing that worries me, actually. Many of the design decisions behind Speck haven't been justified.

> The reason we chose Speck had nothing to do with the proposed ISO standard or
> any sociopolitical factors, but rather because it was the only algorithm we
> could find that met the performance and security requirements.

> Note that Linux
> doesn't bow down to any particular standards organization, and it offers
> algorithms that were specified in various places, even some with no more than a
> publication by the author. In fact, support for SM4 was just added too, which
> is a Chinese government standard. Are you going to send a patch to remove that
> too, or is it just NSA-designed algorithms that are not okay?

No need to be belittling; I have much less tinfoil strapped around my head than perhaps you think. I'm not blindly opposed to government-designed algorithms. Take SHA2, for example -- built by the NSA. But I do care quite a bit about using ciphers that have the acceptance of the academic community and a large body of literature documenting their design decisions and analyzing them. Some of the best symmetric cryptographers in academia have expressed reservations about it, and it was just rejected from a major standards body. Linux, of course, is free to disagree -- or "bow down" as you oddly put it -- but I'd make sure you've got a pretty large bucket of justifications for that disagreement.

> (in fact, you'd
> probably have a different opinion of it if the authors had simply worked
> somewhere else and published the exact same algorithm);

Again, no need to patronize. I don't actually have a bias like that.

> But I hope you can understand that all *technical* indicators are that Speck is
> secure enough

That's the thing I'm worried about.

Jason