Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting removal of CFRG co-chair]

Adam Back <adam@cypherspace.org> Fri, 27 December 2013 19:09 UTC

Date: Fri, 27 Dec 2013 20:09:07 +0100
From: Adam Back <adam@cypherspace.org>
To: Dan Brown <dbrown@certicom.com>
Message-ID: <20131227190907.GA23840@netbook.cypherspace.org>
Cc: Adam Back <adam@cypherspace.org>, "'cfrg@irtf.org'" <cfrg@irtf.org>

Dan Brown wrote:
> [...]
> 8. All considered, I don't see how the ANSI and NIST standards for
> Dual_EC_DRBG can be viewed as a subverted standard, per se.

Of course they're subverted.  We have Ferguson et al. show how they could be
backdoored.  We have internal NSA documents reported as talking about the
subversion.  We have confirmation of RSA (inadvertently or not) accepting
money to put an EC_DRBG as a default.  You yourself just said the validation
labs are demanding the backdoored P & Q be used (and rejecting the provably
uncooked implemented chosen parameters presumably).  NIST put the standard
forward (inadvertently or not) from NSA input.

I am nonplussed at what you could be trying to say with the above
statement.

Adam