Non-NIST Cipher Suite

One of the most upsetting things about the recent revelations about the NSA’s shenanigans is that it has apparently devoted US$250M to suborning international standards. (One of the very upsetting things about these revelations is that there are several most upsetting things.) Over the last few weeks, just about everyone in the standards and crypto business has been looking over the crypto with an eye towards seeing what the NSA might have subverted.

There hasn’t been much definitive to say. There is the much-discussed elliptic curve random number generator in NIST’s documents. There is also the concern that the elliptic curves that are part of NSA Suite B aren’t as strong as they could be. There are also discussions about interference in various standards from IPsec to TLS to whatever.

There have been no smoking guns. The DUAL_EC_DRBG discussion has been comic. The major discussion has been whether this was evil or merely stupid, and arguing the side of evil has even meant admitting it is technologically a stupid algorithm, which sends the discussion into an amusing spiral of meta-commentary. Matt Green has an excellent blog post on its multi-dimensional stupidity. Was the NSA so stupid they think we wouldn’t notice the flaws (we did notice nearly immediately)? Was the NSA so stupid that this is the best they can do? And can we even believe the claim that they’ve been trying to subvert standards? They’re liars. They’ve lied to Congress, lied to the technical community, and lied to everyone. Should we believe them when they say they punked us, or believe that we saw the ball under the wrong cup all along?

Arguing the side of evil and avoiding the stupid leads to non-falsifiabilty — there must be something that is so clever we haven’t seen it yet. I keep thinking of Cabell’s quip that a pessimist fears that the optimist is right.

The issue of the Suite B curves is more interesting. Cryptographers Dan Bernstein and Tanja Lange have been arguing that the Suite B curves are weak since before we ever heard of Ed Snowden. I’ve been public and pointed; I’ve always thought that the DUAL_EC_DRBG random number generator is patently stupid. But I’ve always believed that the Suite B curves were designed secure. All crypto has a lifespan of utility. Even if there are issues with the Suite B curves, I think they were designed well at the time.

The NSA has argued intellectually that elliptic curve cryptography is a good idea for a decade. They have actively stumped for it as a technology, and even buying patent licenses (there have been controversies, but those are not at all about the integrity of the technology). If the Suite B curves are intentionally bad, this would be a major breach of trust and credibility. Even in a passive case — where the curves were thought to be good, but NSA cryptanalysts found weaknesses they have since exploited — it would create a credibility gap of the highest order, and would be the smoking gun that confirms the Guardian articles.

At Silent Circle, we’ve been deciding what to do about the whole grand issue of whether the NSA has been subverting security. Despite all the fun that blogging about this has been, actions speak louder than words. Phil, Mike, and I have discussed this and we feel we must do something. That something is that in the relatively near future, we will implement a non-NIST cipher suite.

Not everything is in place, yet. We have been discussing elliptic curves with Dan and Tanja and they are designing some for us (and the rest of the world, too). Dan’s 25519 curve is very nice, but smaller than we want. We’ve been using the P–384 curve and want a replacement for it, which they’re working on. We are going to replace our use of P–384 with that new curve, or perhaps two curves. We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement. We are going to replace our use of the SHA–2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense. (Full disclosure: I’m a co-author of Skein and Threefish.) Threefish is the heart of Skein, and is a tweakable, wide-block cipher. There are a lot of cool things you can do with it, but that requires some rethinking of protocols.

The old cipher suites will remain in our systems. We’re not going to get rid of them, but the new ones will be the default in our services. We understand there are gentlepersons who will disagree with our decision, so we’re not completely getting rid of the existing crypto.

This doesn’t mean we think that AES is insecure, or SHA–2 is insecure, or even that P–384 is insecure. It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA’s perfidy, along with the rest of the free world. For us, the spell is broken. We’re just moving on. No kiss, no tears, no farewell souvenirs.

[Typos corrected on 30 Sept, jdcc]

Silent Text 1.7 for iOS – Now Available

Silent Text 1.7 for iOS was just released.  This version contains the fix to the iOS 7 compatibility issue that we blogged about a few days ago.  Silent Text 1.7 has sleek new features that you’re going to love.

Customize bubbles and text colors for your conversations.


Set the Burn time to minutes, hours or days.

BurnDelay    BurnOption   Privacy

New and improved wallpaper options.


Enter and edit Contacts by pressing the picture or icon for the person you are texting.  Compression of Audio Files is improved. Compatibility issues for Silent Text (Android) resolved.

Important Compatibility Notice For Silent Text Users Updating to iOS 7

Silent Circle Members:

We work hard to provide you with the most trusted and secure communications and software experiences possible. Accordingly, we want to make you aware of an iOS 7 compatibility and connection issue affecting our Silent Text app.

This issue does not affect users’ privacy or the security of communications in any way.

Specifically, we have discovered that when Silent Text users on iOS 7 initiate a new Silent Text conversation:
1.  Silent Text will crash
2.  After the app has restarted, messages sent in that text conversation are not delivered to recipients, even though they appear to be

Note that this issue does not occur when members who have upgraded to iOS 7 add to their existing conversations.  In this case, messages are unaffected. Additionally, iOS 7 users do not have any issues receiving initial messages from others.

At present, Silent Text users on iOS 7 can send messages if they use Silent Text’s “Reset Keys” function after beginning a new conversation (step-by-step instructions, with screenshots below).

We are planning to release an update for Silent Text that will fully resolve this issue for all users. In the meantime, please consider these workarounds we recommend to avoid any disruption to your mobile messaging experience:

• Consider delaying your update to iOS 7 until after our update to Silent Text is released (follow our blog and @Silent_Circle on Twitter for the latest news on all our app updates)

• If you must choose iOS 7, plan to manually reset your encryption keys for any new message conversation you initiate

Please contact Silent Circle Support at / Username: Support for questions or assistance.


The Silent Circle Team

Here are workaround instructions to “Reset Keys” for each conversation in Silent Text:
(1) In the conversation, press the menu button.

2.) Press the extended menu button.

3.) Press the Reset Keys button.

4.) Press Make New Key button.

Now you will be able to resume your text conversation.

The Battle for Your Digital Soul

There have been so many disclosures, revelations and speculations since Snowden fled and the media trickled out one tantalizing slide after the next- that it’s hard not to get overwhelmed. It’s hard not to get angry.

Now that the sheer scope and massive worldwide surveillance of the NSA has come to light over the last few months, it seems as if a veritable cloud of “Privacy Depression” has set in lately among citizens and the technology community at large. Adding to that hot mess is the willing complicity of the tech giants, backbone providers and hardware manufactures. Fuel to the fire.

Yes, there are some feigning outrage, some with true concern, and others calling for heads-on-a-platter while western intelligence agencies and big technology firms hunker down and hope it all goes away. It won’t. It’s only going to get worse for them and the government.

Through the great work of The Guardian, New York Times, Washington Post, ProPublica and Der Spiegel we now have a much clearer understanding of what we are up against. Along with all of this new information comes some confusion, wild speculation and some understandable depression about society as a whole ever winning back it’s basic right of privacy. Don’t buy into this thinking. Don’t drink the “all is lost” Kool-Aid, because we are winning.

We at Silent Circle believe these revelations and disclosures are some of the best things that could happen to the technology sector. In fact, the battle for your digital soul has turned strongly towards Privacy’s corner because we now know what we are up against. We are beginning to define the capabilities and tactics of the world’s surveillance machine. Before all of this -we speculated, guessed and hypothesized that it was bad –we were all way off. It’s horrendous. It’s Orwell’s 1984 on steroids. It doesn’t matter –we will win the war.

Last week we saw headlines about the NSA having made incredible breakthroughs in cryptanalysis and being able to crack SSL and VPN’s. Some media outlets that we spoke to were under the faulty impression that “all encryption had been easily broken” by the NSA and they possessed some magic black boxes that instantly decrypted everything. Hence the deeper onset of Privacy Depression that set in around the world.

Don’t buy the hype. Trust the math and strong encryption. One of the world’s greatest technology security experts, Bruce Schneier, wrote some terrifically clear and concise articles about these revelations and is perhaps in the best position to clarify what these recent disclosures mean. He has reviewed all of Snowden’s documents. Here is a quote from his article in The Guardian a few days ago that sums up the reality of the situation:

“Honestly, I’m skeptical. Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts.”

He is spot-on here in his comments. The security technology community has known for a long time that the platforms are the weak link (Windows, Mac, Android, browsers, IOS, Firefox OS, etc.) and we have known for years that it’s wise to be skeptical of mass-produced hardware as well (routers, servers, etc.). The fact that the NSA and the Chinese (Huawei) have pressured hardware and phone makers to be “surveillance friendly” is not new either, we just now have concrete proof right in front of our collective faces. We are really lucky this information has come to light. It’s a true gift. We are going to use it to set the government surveillance machines back 7-10 years. Back to where they should be to accomplish their responsibilities without violating those rights that they are in place to protect.

A lot has been made about the “35,000 NSA employees and $11 Billion spent annually on Department of Defense-wide Consolidated Cryptologic Program” along with $440 Million spent annually on Research & Technology. That is a hell of a lot of money and manpower. Good –I hope they increase both, because it’s good for us. Why? Its called bureaucratic, Red Tape, B and C grade talent, committees, focus groups, audit committees, professional politics, backstabbing, budget fights, and waste –in summary “Big, Bloated, Incompetent Government”.

I spent a good portion of my adult life in Special Operations –it’s an environment of innovation, A+ talent, self-sufficiency, and zero tolerance for bureaucracy. It’s about small teams of highly talented and dedicated people with skill and daring outwitting huge clunky armies. The NSA and the world’s government’s surveillance organizations are huge, bloated clunky armies. If you ever worked in a large corporation or government agency, then you know what I mean. It’s like the movie “Office Space” all over again.

They can have their $11 Billion dollars and armies of C-grade talent. I will put my money on people like Phil Zimmermann, Bruce Schneier, Jon Callas, Moxie Marlinspike, Charlie Miller, Kim Dotcom, the guys from Pirate Bay, Jacob Appelbaum, Chris Soghoian, and Nadim Kobeissi. Freakishly talented people like The Grugq, Mike Kershaw, Mudge, Matthew Green, Nick DePetrillo, and security researchers like Mark Dowd and Steve Thomas. Add to this the hundreds of thousands of highly creative, innovative and kick-ass new wave of smart hackers, coders and engineers focused on finding vulnerabilities and building cool secure systems – it’s not even a fair fight.

Small teams of highly experienced programmers can iterate builds, test and get feedback from expert talent around the world literally overnight – and produce groundbreaking innovations in secure communications and technology faster than the NSA can hold a budget meeting.

Now that we are armed with the solid evidence of what the surveillance state is doing and how they are doing it –sit back and watch as new hardware and software comes out of small innovative companies that disrupt entire multi-billion dollar cloud, communications, and telecommunications industries – based upon secure architecture and strategies learned from these disclosures.

Now that we know coercion, secret FISA courts, chummy-agreements with giant tech firms, National Security Letters, trunk line tapping and encryption standards-manipulation are the playing field – it’s game on.

We at Silent Circle feel it’s the dawn of a new age of secure communication and the real innovators of the world are just getting started. Simple secure phones, custom-made open source routers, servers, new encryption standards and software are going to come out in droves.

The battle for your digital soul has now begun. Sit back, grab a drink and watch this battle unfold from your back-doored computer, leaking browser, cracked VPN, compromised operating system and zero-day infected phone. My money is on the outraged innovators. This is going to be fun.

Mike Janke

Human Rights Foundation Partnership


Silent Circle would like to thank the Human Rights Foundation’s President and CEO, Thor Halvorssen, for introducing us to the Central Tibetan Administration’s (CTA) prime minister-in-exile, Lobsang Sangay. The Sikyong has the incredibly difficult job of leading the CTA while under a continuous barrage of cyber attacks. We hope that our donation to the CTA of Silent Circle subscriptions will make his life a little easier knowing that he, and the CTA as a whole, can use Silent Phone to make private international conference calls and send completely secure messages with encrypted files attached, via Silent Text. Everyone deserves a little privacy and the team at Silent Circle is proud to be able to provide it for our friends from Tibet. Welcome to the Circle.

For additional information: