On Tue, 10 Sep 2013 00:25:20 +0100 Peter Fairbrother <zenadsl6...@zen.co.uk> wrote:

> On 09/09/13 23:03, Perry E. Metzger wrote:
> > On Mon, 9 Sep 2013, Daniel wrote:
> > > [...] They are widely used curves and thus a good way to reduce
> > > conspiracy theories that they were chosen in some malicious way
> > > to subvert DRBG.
> >
> > Er, don't we currently have documents from the New York Times and
> > the Guardian that say that in fact they *did* subvert them?
> >
> > Yes, a week ago this was paranoia, but now we have confirmation,
> > so it is no longer paranoia.
>
> I did not see that, and as far as I can tell there is no actual
> confirmation.
Quoting:

Cryptographers have long suspected that the agency planted
vulnerabilities in a standard adopted in 2006 by the National
Institute of Standards and Technology and later by the International
Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness,
discovered by two Microsoft cryptographers in 2007, was engineered by
the agency. The N.S.A. wrote the standard and aggressively pushed it on
the international group, privately calling the effort “a challenge in
finesse.”

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all

This has generally been accepted to only match the NIST ECC RNG
standard, i.e. Dual_EC_DRBG, with the critique in question being "On
the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng",
which may be found here:

http://rump2007.cr.yp.to/15-shumow.pdf

Do you have an alternative theory?

Perry
-- 
Perry E. Metzger		pe...@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
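Added example, not part of the thread and not code from the Shumow-Ferguson slides: the trapdoor the linked rump-session talk describes, run end to end on a toy curve. The generator loop is the Dual_EC_DRBG core with additional input and the end-of-call state update left out. The field (P_MOD = 10007), the curve y^2 = x^3 + 7, the base-point search, hiding 3 bits of each output instead of 16, and every name below (P_BASE, Q_POINT, E_SECRET, D_TRAPDOOR, drbg_generate, recover_next_state, attack) are my own choices for illustration, not the standard's constants or API. What it shows: whoever chose Q as e*P and kept d = e^-1 (so P = d*Q) turns one truncated output block into the next internal state with a single scalar multiplication, and from then on every later output is predictable. Without d, the same step is a discrete-log problem on the curve. Needs Python 3.8+ for pow(x, -1, m).

```python
"""Toy Dual_EC_DRBG with the Shumow-Ferguson trapdoor (added example, not from the thread)."""
from math import gcd

P_MOD = 10007            # toy prime field; P_MOD % 4 == 3 makes sqrt a single pow()
A, B = 0, 7              # toy curve y^2 = x^3 + 7 (non-singular); stand-in for P-256
INF = None               # point at infinity

def point_add(p1, p2):
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # p1 == -p2 (also doubling a 2-torsion point)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def scalar_mult(k, pt):
    acc, addend = INF, pt
    while k > 0:
        if k & 1:
            acc = point_add(acc, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return acc

def x_coord(pt):
    return 0 if pt is INF else pt[0]   # toy convention; the standard leaves x(O) undefined

def point_from_x(x):
    """Lift x to a curve point, or None when x^3 + Ax + B is a non-residue."""
    v = (x * x * x + A * x + B) % P_MOD
    y = pow(v, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == v else None

def point_order(pt):
    n, acc = 1, pt
    while acc is not INF:
        acc = point_add(acc, pt)
        n += 1
    return n

def find_base_point(min_order=1000):
    """Toy only: first x giving a point of usable order (P-256 fixes P = G)."""
    for x in range(1, P_MOD):
        pt = point_from_x(x)
        if pt is not None and point_order(pt) > min_order:
            return pt

# Parameter generation as a trapdoor designer would do it: Q = e*P, keep d = e^-1.
P_BASE = find_base_point()
N_ORDER = point_order(P_BASE)
E_SECRET = next(k for k in range(N_ORDER // 2 + 1, N_ORDER) if gcd(k, N_ORDER) == 1)
D_TRAPDOOR = pow(E_SECRET, -1, N_ORDER)    # the secret: P = D_TRAPDOOR * Q
Q_POINT = scalar_mult(E_SECRET, P_BASE)    # the published, innocent-looking Q
OUT_BITS = P_MOD.bit_length() - 3          # emit the low 11 bits of r, hide the top 3
OUT_MASK = (1 << OUT_BITS) - 1             # (the real generator hides 16 of 256)
TOP_BITS = P_MOD.bit_length() - OUT_BITS

def trapdoor_holds():
    return scalar_mult(D_TRAPDOOR, Q_POINT) == P_BASE

def drbg_generate(seed, blocks):
    """Dual_EC core loop (no additional input): s = x(s*P); r = x(s*Q); emit low bits of r."""
    s, states, outputs = seed, [], []
    for _ in range(blocks):
        s = x_coord(scalar_mult(s, P_BASE))
        r = x_coord(scalar_mult(s, Q_POINT))
        states.append(s)
        outputs.append(r & OUT_MASK)
    return states, outputs

def recover_next_state(out_i, out_next):
    """Shumow-Ferguson: candidates for s_{i+1} from block i, since d*(s_i*Q) = s_i*P."""
    cands = []
    for high in range(1 << TOP_BITS):      # guess the hidden top bits of r_i
        x = (high << OUT_BITS) | out_i
        if x >= P_MOD:
            continue
        R = point_from_x(x)                # +-(s_i*Q); the sign does not affect x(d*R)
        if R is None:
            continue
        s_next = x_coord(scalar_mult(D_TRAPDOOR, R))
        if (x_coord(scalar_mult(s_next, Q_POINT)) & OUT_MASK) == out_next:
            cands.append(s_next)
    return cands

def attack(outputs):
    """Keep only the states that also reproduce every later observed block."""
    cands = recover_next_state(outputs[0], outputs[1])
    return [s for s in cands if drbg_generate(s, len(outputs) - 2)[1] == outputs[2:]]
```

Run `states, outputs = drbg_generate(31337, 5)` and then `attack(outputs)`: it returns the generator's real second state, after which `drbg_generate(that_state, n)` reproduces outputs 3 onward exactly. The candidate filtering is what the truncation buys the defender: each hidden-bit guess that lands on a curve point yields a plausible state, and the attacker discards the wrong ones by checking them against the next block (with 16 hidden bits on P-256 that is 2^16 guesses, about half of which lift to points). Nothing here depends on d being small or the curve being weak; the only secret is the relationship between P and Q, which is exactly what a fixed, unexplained Q in a standard lets the designer keep.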