On 24 September 2013 17:01, Jerry Leichter <leich...@lrw.com> wrote: > On Sep 23, 2013, at 4:20 AM, ianG <i...@iang.org> wrote:
>>> ... But they made Dual EC DRBG the default ... >> >> At the time this default was chosen (2005 or thereabouts), it was *not* a >> "mistake". https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html "Problems with Dual_EC_DRBG were first described in early 2006" With hindsight, it was definitely a mistake. The questions are whether they could or should have known it was a mistake at the time and whether the NSA played any part in the mistake, and whether they should have warned users and changed the default well before now. -- alan.bragg...@gmail.com http://www.chiark.greenend.org.uk/~armb/ _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography