[146592] in cryptography@c2.net mail archive
Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
daemon@ATHENA.MIT.EDU (Tim Dierks)
Thu Sep 5 17:17:14 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130905165751.3a7b474f@jabberwock.cb.piermont.com>
From: Tim Dierks <tim@dierks.org>
Date: Thu, 5 Sep 2013 17:14:39 -0400
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Cryptography <cryptography@metzdowd.com>
On Thu, Sep 5, 2013 at 4:57 PM, Perry E. Metzger <perry@piermont.com> wrote:
> On Thu, 5 Sep 2013 16:53:15 -0400 "Perry E. Metzger"
> <perry@piermont.com> wrote:
> > > Anyone recognize the standard?
> >
> > Please say it aloud. (I personally don't recognize the standard
> > offhand, but my memory is poor that way.)
>
> There is now some speculation in places like twitter that this refers
> to Dual_EC_DRBG though I was not aware that was widely enough deployed
> to make a huge difference here, and am not sure which international
> group is being mentioned. I would be interested in confirmation.

I believe it is Dual_EC_DRBG. The ProPublica story
<http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption>
says:

    Classified N.S.A. memos appear to confirm that the fatal weakness,
    discovered by two Microsoft cryptographers in 2007, was engineered by the
    agency. The N.S.A. wrote the standard and aggressively pushed it on the
    international group, privately calling the effort “a challenge in finesse.”

This appears to describe the NIST SP 800-90 situation pretty precisely. I
found Schneier's contemporaneous article to be good at refreshing my
memory:
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

- Tim
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography