On Thu, Sep 12, 2013, Hanno Bck wrote: > Hi, > > Probably everyone knows by now that Dual_EC_DRBG got some bad reputation > lately: > http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115 > > Matthew Green points out that OpenSSL is one of the few libs that > actually implements Dual_EC_DRBG: > https://twitter.com/matthew_d_green/status/377946072532140032 > https://twitter.com/matthew_d_green/status/377946680395845633 > > I am not familiar with the details, but want to bring it up for > discussion here. Maybe it should be disabled or at least discouraged in > the docs. >
See the thread on openssl-users on this. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
