[146821] in cryptography@c2.net mail archive


Re: [Cryptography] Bruce Schneier has gotten seriously spooked

daemon@ATHENA.MIT.EDU (james hughes)
Sun Sep 8 13:22:00 2013

X-Original-To: cryptography@metzdowd.com
In-reply-to: <522BD341.9050504@echeque.com>
From: james hughes <hughejp@mac.com>
Date: Sun, 08 Sep 2013 10:02:34 -0700
To: "jamesd@echeque.com" <jamesd@echeque.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com



On Sep 7, 2013, at 6:30 PM, "James A. Donald" <jamesd@echeque.com> wrote:

> On 2013-09-08 4:36 AM, Ray Dillinger wrote:
>>
>> But are the standard ECC curves really secure? Schneier sounds like he's got
>> some innovative math in his next paper if he thinks he can show that they
>> aren't.
>
> Schneier cannot show that they are trapdoored, because he does not know where the magic numbers come from.
>
> To know if trapdoored, have to know where those magic numbers come from.

That will not work....

When the community questioned the source of the DES S boxes, Don Coppersmith and Walt Tuchman of IBM at the time openly discussed how they were generated and it still did not quell the suspicion. I bet there are many that still believe DES has a yet-to-be-determined backdoor.

There is no way to prove the absence of a back door, only to prove or argue that a backdoor exists with (at least) a demonstration or evidence one is being used. Was there any hint in the purloined material to this point? There seems to be the opposite. TLS using ECC is not common on the Internet (See "Ron was wrong, Whit is right"). If there is a vulnerability in ECC it is not the source of today's consternation. (ECC is common on ssh, see "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices")

I will be looking forward to Bruce's next paper.


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
