How Secure Can Silent Circle Get?: The secure communications provider Silent Circle is pretty upset about the apparent betrayal of the cryptographic community by the National Security Agency, so it’s moving away from encryption standards that the intelligence agency helped develop.
Silent Circle, co-founded by Pretty Good Privacy (PGP) author Phil Zimmermann, provides encrypted mobile and desktop voice and text services for personal and enterprise use. In a blog post on Monday, the company said it would soon adopt new defaults to replace certain widely used standards that came out of the U.S. National Institute of Standards and Technology (NIST) with the cooperation or guidance of NSA representatives.
While NIST is a highly respected standards body, it was recently forced to advise against the use of its own Dual_EC_DRBG random number generator after Edward Snowden’s leaks suggested it had been subverted by NSA representatives involved in the standardization process. Long story short: The NSA seems to have set constants in the generator that makes its output easier to guess, in turn making encryption that uses the generator easy to crack if you know the constants. The security firm RSA, which used Dual_EC_DRBG by default, also had to warn its customers to steer clear.