Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting removal of CFRG co-chair]
Henrick Hellström <henrick@streamsec.se> Fri, 27 December 2013 20:58 UTC
Return-Path: <henrick@streamsec.se>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F16CB1AE555 for <cfrg@ietfa.amsl.com>; Fri, 27 Dec 2013 12:58:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.45
X-Spam-Level: *
X-Spam-Status: No, score=1.45 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Acux-dL-HLan for <cfrg@ietfa.amsl.com>; Fri, 27 Dec 2013 12:58:56 -0800 (PST)
Received: from vsp4.ballou.se (vsp4.ballou.se [91.189.40.102]) by ietfa.amsl.com (Postfix) with SMTP id C0F511AE554 for <cfrg@irtf.org>; Fri, 27 Dec 2013 12:58:54 -0800 (PST)
Received: from nmail1.ballou.se (unknown [10.0.0.116]) by vsp4.ballou.se (Halon Mail Gateway) with ESMTP for <cfrg@irtf.org>; Fri, 27 Dec 2013 21:58:47 +0100 (CET)
Received: from [192.168.0.195] (c-a2c1e555.06-134-73746f39.cust.bredbandsbolaget.se [85.229.193.162]) (Authenticated sender: henrick@streamsec.se) by nmail1.ballou.se (Postfix) with ESMTPSA id 9E5A011CE66 for <cfrg@irtf.org>; Fri, 27 Dec 2013 21:58:47 +0100 (CET)
Message-ID: <52BDE9F0.1010809@streamsec.se>
Date: Fri, 27 Dec 2013 21:58:24 +0100
From: Henrick Hellström <henrick@streamsec.se>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: cfrg@irtf.org
References: <810C31990B57ED40B2062BA10D43FBF5C18718@XMB116CNC.rim.net> <20131227190907.GA23840@netbook.cypherspace.org> <810C31990B57ED40B2062BA10D43FBF5C187DC@XMB116CNC.rim.net>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF5C187DC@XMB116CNC.rim.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting removal of CFRG co-chair]
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: henrick@streamsec.se
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Dec 2013 20:58:58 -0000
On 2013-12-27 21:43, Dan Brown wrote: >> We have confirmation of RSA (inadvertently or not) >> >accepting money to put a EC_DRBG as a default. > My conclusion was regarding the standards, per se, not about > implementations. I was not drawing any conclusions about implementations. I think that is a mistake. It is a problem if a library that is widely used and even got certified, are using default parameters that are potentially backdoored. The relevant question isn't whether *any* standard compliant implementation will have a backdoor, but if it is possible to have a backdoor in an implementation and still get it certified. That said, I am not entirely convinced NSA actually intended to put a backdoor in Dual EC DRBG, or rather, that this standard was part of the SIGINT enabling program. For all I know, it could just as well be a case of them generating the parameters randomly because they for some reason didn't trust the usual binary expansion of pi approach.
- [Cfrg] Dual_EC_DRBG ... [was RE: Requesting remov… Dan Brown
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Adam Back
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Santosh Chokhani
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Adam Back
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Dan Brown
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Henrick Hellström
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… David McGrew
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Dan Harkins
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Dan Brown
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Watson Ladd
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… David McGrew
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… Watson Ladd
- Re: [Cfrg] Dual_EC_DRBG Alyssa Rowan
- Re: [Cfrg] Dual_EC_DRBG ... [was RE: Requesting r… David McGrew
- Re: [Cfrg] Dual_EC_DRBG Dan Brown
- Re: [Cfrg] Dual_EC_DRBG Watson Ladd