funsec mailing list archives

[privacy] Did NSA Put a Secret Backdoor in New Encryption Standard?


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Thu, 15 Nov 2007 04:08:26 GMT

Bruce Schneier writes on Wired News' "Security Matters":

[snip]

The U.S. government released a new official standard for random-number
generators this year, and it will likely be followed by software and
hardware developers around the world. Called NIST Special Publication
800-90 [.pdf], the 130-page document contains four different approved
techniques, called DRBGs, or "Deterministic Random Bit Generators." All
four are based on existing cryptographic primitives. One is based on hash
functions, one on HMAC, one on block ciphers and one on elliptic curves.
It's smart cryptographic design to use only a few well-trusted
cryptographic primitives, so building a random-number generator out of
existing parts is a good thing.

But one of those generators -- the one based on elliptic curves -- is not
like the others. Called Dual_EC_DRBG, not only is it a mouthful to say,
it's also three orders of magnitude slower than its peers. It's in the
standard only because it's been championed by the NSA, which first proposed
it years ago in a related standardization project at the American National
Standards Institute.

[snip]

More:
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

- - ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy

