Senior Cryptographers Move away from NIST Algorithms


Back in August, at the same time that Ladar Levison shut down Lavabit, Jon Callas at Silent Circle (a US firm that offers a global encrypted communications service) announced that the company was shutting down its secure email service: "We see the writing [on] the wall, and we have decided that it is best for us to shut down Silent Mail now," he wrote.

The spur here was the first few revelations in the media following Edward Snowden's leaks on NSA surveillance, and the FISC ruling that permitted it. Since then, much more has emerged, notably suggestions that the NSA interfered with the NIST elliptic curve crypto algorithm.

What now seems to worry Callas is, in effect, 'what has the NSA done that we haven't seen?' "Was the NSA so stupid they think we wouldn't notice the flaws (we did notice nearly immediately)? Was the NSA so stupid that this is the best they can do?" The concern is that maybe they are not so stupid, and maybe this is not the best they can do.

"They’re liars," Callas added. "They've lied to Congress, lied to the technical community, and lied to everyone." The danger now, he suggests, is "there must be something that is so clever we haven’t seen it yet."

So, he continues, "Phil [Zimmermann, president, co-founder and creator of PGP], Mike [Janke, CEO, co-founder and former Navy SEAL sniper], and I [Jon Callas, CTO, co-founder and cryptographer who developed Apple's Whole Disk Encryption and more] have discussed this and we feel we must do something. That something is that in the relatively near future, we will implement a non-NIST cipher suite."

Silent Circle is moving away from the current absolute standard in encryption, the Advanced Encryption Standard (AES), which was developed as an entry in an NSA-sponsored competition. "We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement", says Callas.

Twofish was one of the five finalists in the NSA competition, but was rejected by the NSA, which preferred AES. Perhaps more tellingly, Twofish was developed by a team led by Bruce Schneier, now a director at the EFF.

"This doesn’t mean we think that AES is insecure, or SHA–2 is insecure, or even that P–384 is insecure", concludes Callas. "It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA’s perfidy, along with the rest of the free world. For us, the spell is broken. We’re just moving on. No kiss, no tears, no farewell souvenirs."
