[149071] in cryptography@c2.net mail archive


Re: [Cryptography] Boing Boing pushing an RSA Conference boycott

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Wed Jan 15 23:53:44 2014

Date: Wed, 15 Jan 2014 15:48:59 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jonathan Hunt <j@me.net.nz>
Cc: "Salz, Rich" <rsalz@akamai.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>

On Wed, Jan 15, 2014 at 2:24 PM, Jonathan Hunt <j@me.net.nz> wrote:

> Oh come on. Here is Schneier in 2007 linking to a presentation by 2
> very respected cryptographers (Shumow, Ferguson) demonstrating their
> ability to backdoor Dual EC by choosing the constants. This was as bad
> of a break of an RNG as you could possibly hope to see.
> https://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html
>
> You can choose between explaining RSA's actions as (evil) selling out
> their customers or genuine incompetence at their stated core business.
> But the results above were well-known in the security community since
> 2007 and demonstrated a practical possibility that Dual EC was
> backdoored. From 2008 onwards, leaving Dual EC (with default
> constants) as the default choice for a cryptographic library is not a
> defensible choice.
>
> Jonny
>
> On Wed, Jan 15, 2014 at 10:29 AM, Salz, Rich <rsalz@akamai.com> wrote:
> >> Also, we have the fact that they ignored the warnings that came out
> >> about DUAL_EC, from around 2007 - 2013.
> >> In short, their highly regarded cryptographic experts were not
> >> deployed, not available, not on that job.
> >
> > Perhaps their experts had different opinions. Or perhaps the marketing
> > literature you quoted was somewhat exaggerated; wow, like that's never
> > happened before.
> >
> > It's easy to look backwards and say "they must have been evil."  But
> > unless you were there, or can read minds, that's just an opinion.
>

What then should we do about all the folk clinging to 3DES? How about the
people who stuck with MD5? How about the people who have not junked SHA-1?

Rather than compiling lists of people who should be drummed out of the
industry for bad decisions their companies made in the past, how about
compiling a list of proposals for things that you think people should get
drummed out for in the future?

I remember back in the day when I was having a USENET flame war with Dennis
Ritchie over the then UNIX policy of keeping the password file world
readable. It didn't take them very long to change in the wake of crack
(which arrived a few months later). But boy did they cling to their
religion hard. I should have taken a drive down to the Vatican and got John
Paul II to change his policy on abortion and birth control. It would have
been easier and more chance of success.


-- 
Website: http://hallambaker.com/
