[148624] in cryptography@c2.net mail archive
Re: [Cryptography] RSA is dead.
daemon@ATHENA.MIT.EDU (William Allen Simpson)
Mon Dec 23 10:35:11 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 23 Dec 2013 03:33:42 -0500
From: William Allen Simpson <william.allen.simpson@gmail.com>
To: cryptography moderated list <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
http://www.theregister.co.uk/2013/12/23/rsa_nsa_response/
"We made the decision to use Dual EC DRBG as the default in
BSAFE toolkits in 2004, in the context of an industry-wide
effort to develop newer, stronger methods of encryption. At
that time, the NSA had a trusted role in the community-wide
effort to strengthen, not weaken, encryption."
The NSA has *NEVER* been trusted to strengthen security!
Have we forgotten their multi-year effort in the '90s to suborn
key management? 40-bit keys? Weakening IPsec? Trying to
prevent SSH from distribution?
"The carefully worded post, which avoids discussing whether or
not the company actually took the NSA's $10m, ...."
That itself is an indictment of RSA. If they are concealing
taking money, then they knew it was wrong.
It's time to DigiNotar RSA.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
