|
Title: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: scomil on October 02, 2012, 05:02:45 PM http://www.cyberwarzone.com/did-nsa-put-secret-backdoor-new-encryption-standard
"But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute." Anything to worry about? Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: notme on October 02, 2012, 05:08:41 PM Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: kiba on October 02, 2012, 05:14:13 PM NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid.
Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: Raoul Duke on October 02, 2012, 05:26:59 PM NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid. Human history is full of stupid, you know? Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: foggyb on October 02, 2012, 05:58:56 PM NSA is not always an evil organization..... Well that's comforting. Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: Foxpup on October 02, 2012, 08:03:09 PM The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard.
Anything to worry about? Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: scomil on October 02, 2012, 08:40:02 PM The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard. Anything to worry about? Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.Thank you. Answer I was looking for. Satoshi sure knew his stuff. Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: picobit on October 03, 2012, 08:02:02 AM Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor. So there is a backdoor, and you know what it is? ;D Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: Foxpup on October 03, 2012, 08:38:07 AM So there is a backdoor, and you know what it is? ;D There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there?Title: Re: Did NSA Put a Secret Backdoor in New Encryption Standard? Post by: AndyRossy on October 03, 2012, 10:21:36 AM So there is a backdoor, and you know what it is? ;D There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there?Sounds like a trap. |