https://community.isc2.org/t5/Tech-Talk/Defect-in-Russian-Cryptographic-Algorithms-Coincidence/m-p/23037#M1357 <P>What? A National Intelligence Service fielded a crypto algorithm with an exploitable defect???</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><div class="video-embed-left video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FHMIyDf3gBoY%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DHMIyDf3gBoY&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FHMIyDf3gBoY%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="400" height="225" scrolling="no" title="Casablanca Shocked" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></P> Fri, 31 May 2019 15:43:21 GMT CraginS 2019-05-31T15:43:21Z https://community.isc2.org/t5/Tech-Talk/Defect-in-Russian-Cryptographic-Algorithms-Coincidence/m-p/22182#M1272 <P>At a recent ISO/IEC Joint Technical Committee meeting in Tel Aviv the Russian delegation did not offer convincing arguments that their countries cryptographic algorithms STREEBOG (256/512 hashing functions) and KUZNYECHIK (64/128 block cipher) coincidentally shared the same flaw in their <A href="https://en.wikipedia.org/wiki/S-box" target="_blank" rel="noopener">S-Box</A> design. This was discovered by Léo Perrin (IACR reprint <A href="https://eprint.iacr.org/2019/092" target="_blank" rel="noopener">here</A>). The ISO/IEC working group plans to take 6 months to investigate the potential for the flaw to be exploited. Streebog is already an ISO/IEC standard and was developed by the Center for Information Protection and Special Communications of the Federal Security Service, Russia’s main security agency. Notably, this is not the first time ISO/IEC has seen a government entity ask it to approve its own cryptographic algorithms, remember our good friends at the NSA tried this last year with "SIMON" and "SPECK" for IoT and they were not accepted.</P> Mon, 09 Oct 2023 09:12:10 GMT https://community.isc2.org/t5/Tech-Talk/Defect-in-Russian-Cryptographic-Algorithms-Coincidence/m-p/22182#M1272 AppDefects 2023-10-09T09:12:10Z https://community.isc2.org/t5/Tech-Talk/Defect-in-Russian-Cryptographic-Algorithms-Coincidence/m-p/23037#M1357 <P>What? A National Intelligence Service fielded a crypto algorithm with an exploitable defect???</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><div class="video-embed-left video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FHMIyDf3gBoY%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DHMIyDf3gBoY&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FHMIyDf3gBoY%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="400" height="225" scrolling="no" title="Casablanca Shocked" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></P> Fri, 31 May 2019 15:43:21 GMT https://community.isc2.org/t5/Tech-Talk/Defect-in-Russian-Cryptographic-Algorithms-Coincidence/m-p/23037#M1357 CraginS 2019-05-31T15:43:21Z