Announcement

**oleid** · 05 June 2018, 02:44 PM

Quoting Wikipedia ( https://en.wikipedia.org/wiki/Speck_(cipher))

German, Japanese and Israeli delegates to the International Organization for Standardization have opposed efforts by the NSA to standardise the Simon and Speck ciphers, citing concerns that the NSA is pushing for their standardisation with knowledge of exploitable weaknesses in the ciphers, based on partial evidence of weaknesses in the ciphers, lack of clear need for standardisation of the new ciphers, and the NSA's previous involvement in the creation and promotion of the backdoored Dual_EC_DRBG cryptographic algorithm.^[11]

Sounds quite credible.

**davidbepo** · 05 June 2018, 05:06 PM

this looks fishy AF, not like for example AES which is absolutely trustworthy

**starshipeleven** · 05 June 2018, 07:08 PM

Originally posted by davidbepo View Post

this looks fishy AF, not like for example AES which is absolutely trustworthy

For those wondering why this fine guy is (gasp!) doubting of a fine algorithm like AES... we introduce the concept of mathematical backdoors https://www.theregister.co.uk/2017/1...cal_backdoors/

**davidbepo** · 05 June 2018, 07:28 PM

Originally posted by starshipeleven View Post

For those wondering why this fine guy is (gasp!) doubting of a fine algorithm like AES... we introduce the concept of mathematical backdoors https://www.theregister.co.uk/2017/1...cal_backdoors/

lolwut? im not doubting AES, im saying that it is absolutely trustworthy, its not possible that it is backdoored also that idea would imply nsa shooting itself in the foot, heck they didnt even design it, AES its rijndael which is an algorithm made by two Belgian cryptographers

**starshipeleven** · 06 June 2018, 03:26 AM

Originally posted by davidbepo View Post

lolwut? im not doubting AES

I am.

that idea would imply nsa shooting itself in the foot

FYI: with the whole Juniper firewall backdoor thing they did exactly that. a good 50% of these firewalls were bought by US government.

**Vistaus** · 06 June 2018, 11:20 AM

Originally posted by starshipeleven View Post

For those wondering why this fine guy is (gasp!) doubting of a fine algorithm like AES... we introduce the concept of mathematical backdoors https://www.theregister.co.uk/2017/1...cal_backdoors/

If only there was a way to use OTP for file-system encryption... that'd be the ultimate FS encryption!

**starshipeleven** · 06 June 2018, 01:05 PM

Originally posted by Vistaus View Post

If only there was a way to use OTP for file-system encryption... that'd be the ultimate FS encryption!

If by OTP you mean one-time-password, then it's just a way of logging in, the underlying algorithm used is not related to that.

**DrYak** · 06 June 2018, 01:13 PM

Originally posted by phoronix View Post

Ted Ts'o followed up with, "This is really intended for "The Next Billion Users"; phones like Android Go that was disclosed at the 2017 Google I/O conference, where the unsubsidized price is well under $100 USD (so cheaper than the original OLPC target)." Basically, super-cheap, super low-end smartphones using old ~ARMv7 SoCs lacking hardware encryption extensions and Speck is the most efficient algorithm they currently have for at least offering some level of file-system encryption.

I call bullshit. I'm currently running success fully ChaCha20-Poly1305 in the same class of IoT hardware (older ARMv6 Raspberry Pi).

Even wikipedia mentions

Speck is one of the fastest ciphers available, both for long as well as short messages and is comparable in speed to the stream cipher Salsa20

(For the record Chacha20 is the newer/better/faster version of Salsa20, also by Daniel J. Bernstein)

There's a reason why Google themselves have pushed for it to replace RC4 in the embed space.

Also, in Arduino crypto libraries (so even smaller IoT devices than the smartphone cited by Tso) Chacha is the recommendation.
Speck has the only advantage of half the code size (so useful for extreme constrained applications that don't leave you much free leftover space in the flash to cram your compression in) but that comes at the cost of ram and slower setup time.

**DrYak** · 06 June 2018, 01:21 PM

Originally posted by starshipeleven View Post

If by OTP you mean one-time-password,

I thinks he's referring to one-time pad, the only type of encryption that is provably mathematically unbreakable.

(And is unbreakable in real-life too, as long as your have used an actual true-random source to generate, and manage to protect the pad itself as required, and indeed only use it once - unlike what was done in virtually all the historical situations of OTP being broken due to either capture of the pad or statistical analysis upon pad re-use).

It's absolutely completely unpractical for storage (it would mean having giant multi-terabytes spools of tape containing nothing but noise to be used to XOR against when encrypting, that you need to defend dearly with your life or destroy in case of risk of capture, and you can only use exactly once each chunk of tape noise)

Announcement

EXT4/Fscrypt Changes For Linux 4.18: Speck File-System Encryption Being Added

EXT4/Fscrypt Changes For Linux 4.18: Speck File-System Encryption Being Added

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment