[147288] in cryptography@c2.net mail archive
Re: [Cryptography] RSA recommends against use of its own products.
daemon@ATHENA.MIT.EDU (Alan Braggins)
Wed Sep 25 18:20:34 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <A910B4EF-6D63-4EBE-AB4A-D63EB2494F49@lrw.com>
Date: Wed, 25 Sep 2013 15:45:45 +0100
From: Alan Braggins <alan.braggins@gmail.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 24 September 2013 17:01, Jerry Leichter <leichter@lrw.com> wrote:
> On Sep 23, 2013, at 4:20 AM, ianG <iang@iang.org> wrote:
>>> ... But they made Dual EC DRBG the default ...
>>
>> At the time this default was chosen (2005 or thereabouts), it was *not* a "mistake".
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
"Problems with Dual_EC_DRBG were first described in early 2006"
With hindsight, it was definitely a mistake. The questions are whether
they could or should
have known it was a mistake at the time and whether the NSA played any
part in the mistake,
and whether they should have warned users and changed the default well
before now.
--
alan.braggins@gmail.com
http://www.chiark.greenend.org.uk/~armb/
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
