[147416] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: [Cryptography] [cryptography] are ECDSA curves provably not

daemon@ATHENA.MIT.EDU (Tony Arcieri)
Tue Oct 1 16:18:19 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <7607ECFD-A532-4D34-9018-9438DB34997E@goldmark.org>
From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 1 Oct 2013 13:10:32 -0700
To: Jeffrey Goldberg <jeffrey@goldmark.org>
Cc: John Kelsey <crypto.jmk@gmail.com>,
	cryptography <cryptography@metzdowd.com>,
	Gregory Maxwell <gmaxwell@gmail.com>, Adam Back <adam@cypherspace.org>,
	Crypto List <cryptography@randombit.net>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

--===============6962056910016419409==
Content-Type: multipart/alternative; boundary=bcaec547ca15ac669004e7b38c6b

--bcaec547ca15ac669004e7b38c6b
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On Tue, Oct 1, 2013 at 12:00 PM, Jeffrey Goldberg <jeffrey@goldmark.org>wro=
te:

> If the NSA had the capability to pick weak curves while covering their
> tracks in such a way, why wouldn=92t they have pulled the same trick with
> Dual_EC_DRBG?
>

<tinfoilhat>They wanted us to think they were incompetent, so we would
expect that Dual_EC_DRBG was their failed attempt to tamper with a
cryptographic standard, and so we would overlook the more sinister and
subtle attempts to tamper with the NIST curves</tinfoilhat>

--=20
Tony Arcieri

--bcaec547ca15ac669004e7b38c6b
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">On Tue, Oct 1, 2013 at 12:00 PM, Jeffrey Goldberg <span di=
r=3D"ltr">&lt;<a href=3D"mailto:jeffrey@goldmark.org" target=3D"_blank">jef=
frey@goldmark.org</a>&gt;</span> wrote:<br><div class=3D"gmail_extra"><div =
class=3D"gmail_quote">

<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im"><span style=3D"color:rgb(3=
4,34,34)">If the NSA had the capability to pick weak curves while covering =
their tracks in such a way, why wouldn=92t they have pulled the same trick =
with Dual_EC_DRBG?</span></div>

</blockquote><div><br></div><div>&lt;tinfoilhat&gt;They wanted us to think =
they were incompetent, so we would expect that Dual_EC_DRBG was their faile=
d attempt to tamper with a cryptographic standard, and so we would overlook=
 the more sinister and subtle attempts to tamper with the NIST curves&lt;/t=
infoilhat&gt;=A0</div>

</div><div><br></div>-- <br>Tony Arcieri<br>
</div></div>

--bcaec547ca15ac669004e7b38c6b--

--===============6962056910016419409==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============6962056910016419409==--
home help back first fref pref prev next nref lref last post