The U.S. National Security Agency's reported efforts to weaken encryption standards have prompted an encrypted communications company to move away from cryptographic algorithms sanctioned by the U.S. National Institute of Standards and Technology (NIST).
Silent Circle, a provider of encrypted mobile Voice over Internet Protocol (VoIP) and text messaging apps and services, will stop using the Advanced Encryption Standard (AES) cipher and Secure Hash Algorithm 2 (SHA-2) hash functions as default cryptographic algorithms in its products.
"We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement," Silent Circle CTO Jon Callas said Monday in a blog post. "We are going to replace our use of the SHA-2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense."
The company also plans to stop using P-384, one of the elliptic curves recommended by NIST for use in elliptic curve cryptography (ECC).
The NSA has long been a supporter of ECC, an approach to public-key cryptography based on the arithmetic of elliptic curves, arguing that it is more secure and offers better performance than traditional public-key cryptography schemes. P-384 is one of the elliptic curves used in Suite B, a set of cryptographic algorithms used for encryption, key exchange, digital signatures and hashing that was selected by the NSA for use when handling classified information.
Silent Circle plans to replace the P-384 elliptic curve with one or more curves that are being designed by cryptographers Daniel Bernstein and Tanja Lange, who have argued in the past that Suite B elliptic curves are weak.
"If the Suite B curves are intentionally bad, this would be a major breach of trust and credibility," Callas said. "Even in a passive case -- where the curves were thought to be good, but NSA cryptanalysts found weaknesses they have since exploited -- it would create a credibility gap of the highest order, and would be the smoking gun that confirms the Guardian articles."
The New York Times and the Guardian newspapers reported last month, based on documents leaked by former NSA contractor Edward Snowden, that the NSA has used its influence to weaken an encryption standard published by NIST in 2006.
That standard is the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), a secure pseudo-random number generator (PRNG) that's based on the elliptic curve discrete logarithm problem. PRNGs play an important role in many aspects of cryptography, and a vulnerability in one of them could undermine the security of any cryptographic system that uses it.
Researchers have warned since 2007 that Dual_EC_DRBG has a serious weakness, but some companies have implemented it in their encryption products anyway because it was a NIST recommendation.