[149067] in cryptography@c2.net mail archive
Re: [Cryptography] Boing Boing pushing an RSA Conference boycott
daemon@ATHENA.MIT.EDU (Jonathan Hunt)
Wed Jan 15 14:41:46 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C711E91F9E01@USMBX1.msg.corp.akamai.com>
From: Jonathan Hunt <j@me.net.nz>
Date: Wed, 15 Jan 2014 11:24:27 -0800
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>

Oh come on. Here is Schneier in 2007 linking to a presentation by 2
very respected cryptographers (Shumow, Ferguson) demonstrating their
ability to backdoor Dual EC by choosing the constants. This was as bad
of a break of an RNG as you could possibly hope to see.

https://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html

You can choose between explaining RSA's actions as (evil) selling out
their customers or genuine incompetence at their stated core business.
But the results above were well-known in the security community since
2007 and demonstrated a practical possibility that Dual EC was
backdoored. From 2008 onwards, leaving Dual EC (with default
constants) as the default choice for a cryptographic library is not a
defensible choice.

Jonny

On Wed, Jan 15, 2014 at 10:29 AM, Salz, Rich <rsalz@akamai.com> wrote:
>> Also, we have the fact that they ignored the warnings that came out about DUAL_EC, from around 2007 - 2013.
>> In short, their highly regarded cryptographic experts were not deployed, not available, not on that job.
>
> Perhaps their experts had different opinions. Or perhaps the marketing literature you quoted was somewhat exaggerated; wow, like that's never happened before.
>
> It's easy to look backwards and say "they must have been evil."  But unless you were there, or can read minds, that's just an opinion.
>
> --
> Principal Security Engineer
> Akamai Technology
> Cambridge, MA
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography