Announcement

Collapse
No announcement yet.

Linux 4.21 Positioned To Pickup Streebog Crypto Support Developed By Russia's FSB

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux 4.21 Positioned To Pickup Streebog Crypto Support Developed By Russia's FSB

    Phoronix: Linux 4.21 Positioned To Pickup Streebog Crypto Support Developed By Russia's FSB

    In addition to Linux 4.21 set to land Adiantum as the crypto algorithm backed by Google following the company's falling out with the NSA's Speck crypto for low-end data encryption, Streebog is also set to be introduced as a cryptographic hash function developed in large part by the Russian government...

    http://www.phoronix.com/scan.php?pag...treebog-Crypto

  • #2
    So now we can choose who we let spy on us: FSB, Google or NSA.
    It's something!...

    Comment


    • #3
      So I take it we're going to start seeing the same totally-not-russian little green men we saw at Crimea making appearances at Linux kernel events?
      "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."

      Comment


      • #4
        Originally posted by nomadewolf View Post
        So now we can choose who we let spy on us: FSB, Google or NSA.
        It's something!...
        We live in time when anyone is victim of inteligence activities and only posibility is to choose who is spying you more and who is spying you less...

        Comment


        • #5
          Actually you should be OK using two or more algo in series. So, for example, a Russian cipher followed by a US cipher. So, supposed their agencies are able to break its own algo, none of the two won't be able to break your data. Unless they both collaborate deciphering their own algo on the same data .

          Comment


          • #6
            Originally posted by nomadewolf View Post
            So now we can choose who we let spy on us: FSB, Google or NSA.
            It's something!...
            You beat me to it.

            Comment


            • #7
              Originally posted by oibaf View Post
              Actually you should be OK using two or more algo in series. So, for example, a Russian cipher followed by a US cipher. So, supposed their agencies are able to break its own algo, none of the two won't be able to break your data. Unless they both collaborate deciphering their own algo on the same data .
              Yeah. Lets be paranoid and chain all symmetric chiphers with the "qwerty" password taped to some guys desk. :P
              That way nobody gets an advantage.

              Comment


              • #8
                It's time to fingerprint trusted linux sources and distros in bitcoin blockchain..

                Comment


                • #9
                  Originally posted by nikolobok View Post
                  It's time to fingerprint trusted linux sources and distros in bitcoin blockchain..
                  As a side note, the "Reproducible builds" effort tries to help with trusting the packages you get (from a source you trust).

                  https://wiki.debian.org/ReproducibleBuilds

                  Comment


                  • #10
                    Originally posted by nomadewolf View Post
                    So now we can choose who we let spy on us: FSB, Google or NSA.
                    It's something!...
                    Calm down, people, so many uninformed paranoia here. I think I have the duty to clarify.

                    The Speck algorithm is a new low-security cipher designed by the NSA, hence it gets all this controversy. This is exactly why Google finally decided to design HPolyC/Adiantum to replace it. Unlike what the article says, Google's HPolyC/Adiantum are NOT new symmetric __ciphers__, but a full-disk encryption __framework__, based on universally trusted ChaCha20 cipher, and Poly1305 authentication code.

                    Traditionally, full-disk encryption was implemented based on a BLOCK CIPHER, such as AES, with XTS mode of operation. But as ChaCha20 is a steam cipher, it cannot be used for disk-encryption despite its reputation on high security and performance.

                    After Speck was declared unreliable, what Google did after was designing a construction similar to AES-XTS to allow a stream cipher to be used instead of a block cipher in full-disk encryption, with equivalent security. The HPolyC/Adiantum framework allows we use any stream cipher in full-disk encryption, and in this case, the cipher is ChaCha20.

                    And Streebog is not even used for encryption, it's just a hash function, and probably nobody except the system which needs Russan governments certification will use them. To summarize,

                    Speck - new low-security symmetric cipher designed by the NSA

                    Streebog - a new hash function (NOT a cipher) designed by FSB.

                    HPolyC/Adiantum - a new full-disk encryption framework designed by Google, which utilizes known good ciphers ChaCha20 and Poly1305.

                    Comment

                    Working...
                    X