On Nov 1, 2013, at 7:57 AM, Derek Atkins <de...@ihtfp.com> wrote:

> It is unclear to me that ECC as a generic technology is bad, although
> any specific curves created by NIST/NSA are certainly suspect.
>
> Having said that, Dual-EC-DRBG is a Random Number Generator, not a Hash,
> Public Key, or Cipher algorithm, and we don't use it in DNS for
> anything, AFAIK.

Random Number Generators are used to generate the key material, since bare entropy is often not enough, so you use your entropy pool to seed a pRNG. Bind, for example, ends up using OpenSSL. Certified versions of OpenSSL do have Dual_EC_DRBG, although it's not by default (or is it?).

The threat is probably a lot less, however, since everything else signed in DNSSEC-land is deterministic, and even if Dual_EC_DRBG was used, hopefully the raw stream doesn't leak (the backdoor requires seeing some of the random output to make it predictable).

--
Nicholas Weaver                  it is a tale, told by an idiot,
nwea...@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop