[147277] in cryptography@c2.net mail archive
Re: [Cryptography] RSA recommends against use of its own products.
daemon@ATHENA.MIT.EDU (ianG)
Tue Sep 24 09:44:28 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 23 Sep 2013 11:20:53 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <E3E4563E-9721-4A31-9C7C-3B9BE10DD7AB@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 22/09/13 16:43 PM, Jerry Leichter wrote:
> On Sep 20, 2013, at 2:08 PM, Ray Dillinger wrote:
>> More fuel for the fire...
>>
>> http://rt.com/usa/nsa-weak-cryptography-rsa-110/
>>
>> RSA today declared its own BSAFE toolkit and all versions of its
>> Data Protection Manager insecure, recommending that all customers
>> immediately discontinue use of these products....
> Wow. You took as holy writ on a technical matter a pronouncement of the general press.
Etc. Yes, we expect the company to declare itself near white, and the
press to declare it blacker than the ace of spaces.
Meanwhile, this list is about those who know how to analyse this sort of
stuff, independently. So...
> ... But they made Dual EC DRBG the default ...
I don't see a lot of distance between choosing Dual_EC as default, and
the conclusion that BSAFE & user-systems are insecure.
The question that remains is, was it an innocent mistake, or were they
influenced by NSA?
We don't have much solid evidence on that. But we can draw the dots,
and a reasonable judgement can fill the missing pieces in.
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography