On Thu, 5 Sep 2013 19:14:53 -0400 John Kelsey <crypto....@gmail.com> wrote:
> First, I don't think it has anything to do with Dual EC DRBG. Who
> uses it?

It did *seem* to match the particular part of the story about a
subverted standard that was complained about by Microsoft researchers.
I would not claim that it is the most important part of the story.

> My impression is that most of the encryption that fits what's in
> the article is TLS/SSL.

Yes, and if they have a real hole there they're exploiting, that is
quite disturbing. If they're merely using a hodge-podge of techniques
to get keys, it is less worrying.

> Where do the world's crypto random numbers come from? My guess is
> some version of the Windows crypto api and /dev/random
> or /dev/urandom account for most of them.

I'm starting to think that I'd probably rather type in the results of
a few dozen die rolls every month into my critical servers and let AES
or something similar in counter mode do the rest. A d20 has a bit more
than 4 bits of entropy. I can get 256 bits with 64 die rolls, or, if I
have eight dice, 16 rolls of the group. If I mistype when entering the
info, no harm is caused. The generator can be easily tested for correct
behavior if it is simply a block cipher.

> What does most of the world's TLS? OpenSSL and a few other
> libraries, is my guess. But someone must have good data about this.
>
> My broader question is, how the hell did a sysadmin in Hawaii get
> hold of something that had to be super secret? He must have been
> stealing files from some very high ranking people.

I believe there was already discussion in the press on that latter
point, but I think it is less germane to our discussion here and would
prefer that we avoid speculating on things that are only of
human/gossip interest.

Perry
-- 
Perry E. Metzger		pe...@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
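A worked version of the dice-seeded counter-mode generator Perry sketches in the message above, written as an added example (Go, standard library only; not code from the list thread or from any poster). It computes how many rolls of an n-sided die are needed for a given entropy target, rejects typos (a roll outside the die's range, or too few rolls) instead of seeding from bad input, derives a 256-bit AES key from the rolls and runs AES-256 in counter mode as the generator. The message does not say how rolls become a key; hashing them with SHA-256 is this example's assumption. The known-answer test uses the AES-256 vector from FIPS-197 Appendix C.3 to show the "easily tested" property of a block-cipher generator: with the published key and the published plaintext used as the first counter block, the first 16 bytes of keystream must equal the published ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
)

// BitsPerRoll is the entropy of one fair roll of an n-sided die, log2(n).
// For a d20 this is about 4.32 bits, the "a bit more than 4" in the email.
func BitsPerRoll(sides int) float64 {
	return math.Log2(float64(sides))
}

// RollsNeeded is the number of fair rolls of an n-sided die required to
// collect at least `bits` bits of entropy, rounded up. Budgeting a flat
// 4 bits per d20 roll (as the email does) gives 64; log2(20) gives 60.
func RollsNeeded(sides, bits int) int {
	return int(math.Ceil(float64(bits) / BitsPerRoll(sides)))
}

// SeedFromRolls turns hand-entered rolls into a 256-bit AES key.
// Assumption (not from the email): the rolls are encoded as big-endian
// 16-bit integers and hashed with SHA-256. Every roll is range-checked
// and a short list is refused, so a typo fails loudly instead of
// silently producing a weak seed.
func SeedFromRolls(rolls []int, sides int) ([32]byte, error) {
	var key [32]byte
	if n := RollsNeeded(sides, 256); len(rolls) < n {
		return key, fmt.Errorf("need %d rolls of a d%d for 256 bits, got %d", n, sides, len(rolls))
	}
	buf := make([]byte, 0, 2*len(rolls))
	for i, r := range rolls {
		if r < 1 || r > sides {
			return key, fmt.Errorf("roll %d out of range for a d%d: %d", i, sides, r)
		}
		buf = append(buf, byte(r>>8), byte(r))
	}
	return sha256.Sum256(buf), nil
}

// Generator is AES-256 in counter mode used as a keystream source:
// output block i is AES_key(counter + i).
type Generator struct {
	stream cipher.Stream
}

// NewGenerator builds the generator from a 256-bit key and an initial
// 128-bit counter block.
func NewGenerator(key [32]byte, counter [16]byte) (*Generator, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return &Generator{stream: cipher.NewCTR(block, counter[:])}, nil
}

// Generate returns the next n bytes of output (XOR of the keystream
// with an all-zero buffer, i.e. the raw keystream).
func (g *Generator) Generate(n int) []byte {
	out := make([]byte, n)
	g.stream.XORKeyStream(out, out)
	return out
}

// KnownAnswerTest checks the generator against FIPS-197 Appendix C.3:
// key 00..1f, plaintext 00112233445566778899aabbccddeeff, ciphertext
// 8ea2b7ca516745bfeafc49904b496089. Using the plaintext as the first
// counter block, the first 16 keystream bytes must be the ciphertext.
func KnownAnswerTest() (bool, error) {
	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
	ctr, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	want := "8ea2b7ca516745bfeafc49904b496089"
	var k [32]byte
	var c [16]byte
	copy(k[:], key)
	copy(c[:], ctr)
	g, err := NewGenerator(k, c)
	if err != nil {
		return false, err
	}
	return hex.EncodeToString(g.Generate(16)) == want, nil
}

func main() {
	fmt.Printf("d20: %.2f bits/roll, %d rolls for 256 bits\n", BitsPerRoll(20), RollsNeeded(20, 256))
	ok, err := KnownAnswerTest()
	fmt.Println("FIPS-197 known-answer test passed:", ok, err)

	// Constructed stand-in for 64 d20 rolls (a fixed pattern, NOT entropy;
	// a real deployment types in physical rolls here).
	rolls := make([]int, 64)
	for i := range rolls {
		rolls[i] = (i*7)%20 + 1
	}
	key, err := SeedFromRolls(rolls, 20)
	if err != nil {
		fmt.Println("seed rejected:", err)
		return
	}
	g, _ := NewGenerator(key, [16]byte{})
	fmt.Printf("first 32 output bytes: %x\n", g.Generate(32))

	// A mistyped roll (0 on a d20) is refused rather than seeding the generator.
	rolls[5] = 0
	if _, err := SeedFromRolls(rolls, 20); err != nil {
		fmt.Println("typo caught:", err)
	}
}
```

The range and count checks are what make the "mistype causes no harm" claim hold in code: a rejected entry can be retyped, whereas a silently accepted one would quietly lower the entropy of the seed. The known-answer test is the property the email points at: because the generator is nothing but AES, its correctness can be checked against published vectors, which is not true of an opaque system RNG.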