Computing related collection of stuff

Yay for GNU Freedom. Recently I ran over a discussion where there were some concerns about the viability of using "binary blobs" in an implementation of the AES algorithm.

Sure, there’s a table in it, 256 elements wide, with some weird numbers in it. What is that table? It’s an S-Box, one of the central pieces of every algorithm that’s based on the Feistel cipher. AES is such an algorithm.

When looking in the the spec (FIPS-197), you can see (on page 16) that they’re defined just like that: a table of values to use. Where do this numbers come from? Probably some NSA office, where some mad scientist (just like you’d image, probably) took the hints from page 26 of the proposal (or not) and shuffled a box with 256 numbers, and carefully placed them in a 16x16 square (think of lottery)…

Seriously, those guys tend to know things about crypto that they prefer to not talk about. And they knew 1975, 15 years before the rest of the world figured it out, that random placement of those numbers in that square is not a good idea, as proved by their work on DES.

So please, those numbers are necessary, and they’re necessarily in this order (as otherwise you’d get a different algorithm), and they very likely in exactly that layout for a good reason. Reading up on crypto algorithms even tells you what to do with them, and the current form and shape of such arrays is more than enough for modification…

But why would you want to modify it?

After DIN (German national standardization body) voted in favor of OOXML, I looked for details on their website - They had an announcement, but not really in-depth information. What I found, however, was a contact form.

Given how some of those contact forms do not seem to reach a human (see my Qt inquiry), I didn’t hope for too much, but still spent some time writing down the questions I had. That was yesterday.

Today, just a bit more than 24 hours later, I got a response. Not too detailed, as some internal things shall stay internal, it seems, but definitely no templates, but some real human writing real answers.

I guess a proper summary of that answer is, that some of them wondered about the various issues that surround OOXML’s standardization effort (Fast track, two standards for one purpose, etc) and asked back at ISO. When it became clear that ISO will push this forward, they moved on with debating the standard according to procedures - what else should they do?

It seems that they expect more work (and probably changes) based on comments from the national bodies later-on in the process. I only hope that this expectation stays true!

The mail also stated that it’s possible for individuals to participate at the national level. I really have to look into this for future standardization efforts.

(Oh, and now that you know that they have real humans behind those contact forms, please fight the urge to spam them. Thanks)