Hi, Probably everyone knows by now that Dual_EC_DRBG got some bad reputation lately: http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
Matthew Green points out that OpenSSL is one of the few libs that actually implements Dual_EC_DRBG: https://twitter.com/matthew_d_green/status/377946072532140032 https://twitter.com/matthew_d_green/status/377946680395845633 I am not familiar with the details, but want to bring it up for discussion here. Maybe it should be disabled or at least discouraged in the docs. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
signature.asc
Description: PGP signature
