Stupid disclosure policies are coming too [LWN.net]

Stupid disclosure policies are coming too

Posted May 3, 2026 13:25 UTC (Sun) by ballombe (subscriber, #9523)
In reply to: Stupid disclosure policies are coming too by bjackman
Parent article: Eden: NHS goes to war against open source

They might have consulted military security experts. This is a typical reaction.

Stupid disclosure policies are coming too

Posted May 7, 2026 1:41 UTC (Thu) by davecb (subscriber, #1574) [Link] (1 responses)

They might have consulted military security experts. This is a typical reaction.

The military isn't that stupid. They (we) balance needs. For example, "Flash" messages, indicating you had encountered the enemy, were immediately sent, unencrypted . The enemy, you understand, knew you were there from all the bullets whizzing by.

Other messages, where security was more important than immediacy, were encrypted.
Modern radios have fairly good real-time scrambling/frequency-hopping via the SAVILLE algorithm, so you get immediacy as well as some security.

I'll bet a whole nickel they've been talking to proprietary-security vendors.

Stupid disclosure policies are coming too

Posted May 15, 2026 5:28 UTC (Fri) by cypherpunks2 (guest, #152408) [Link]

> Modern radios have fairly good real-time scrambling/frequency-hopping via the SAVILLE algorithm, so you get immediacy as well as some security.

Emphasis on "some". SAVILLE being used today is a perfect example of how backwards the military is and how poor their security culture is. It's a cipher from the 60s when cryptography was in its absolute infancy, and I can almost guarantee that it's quite trivially breakable. To put it into perspective, it was designed before linear OR differential cryptanalysis where discovered. I'd feel safer even using something as broken as RC4 than SAVILLE.

BATON is surely a lot better. I doubt it can be broken in realtime, but it's unlikely to be better than AES.