scomil (OP)
Newbie
 Offline
Activity: 15
Merit: 0
|
 |
October 02, 2012, 05:02:45 PM |
|
http://www.cyberwarzone.com/did-nsa-put-secret-backdoor-new-encryption-standard"But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute." Anything to worry about?
|
|
|
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
October 02, 2012, 05:08:41 PM |
|
Anything to worry about?
No. |
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1014
|
|
October 02, 2012, 05:14:13 PM |
|
NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid.
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
October 02, 2012, 05:26:59 PM |
|
NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid.
Human history is full of stupid, you know? |
|
|
|
|
foggyb
Legendary
Offline
Activity: 1652
Merit: 1006
|
|
October 02, 2012, 05:58:56 PM |
|
NSA is not always an evil organization.....
Well that's comforting. |
|
|
|
|
Foxpup
Legendary
Offline
Activity: 4354
Merit: 3042
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
October 02, 2012, 08:03:09 PM |
|
The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard. Anything to worry about?
Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor. |
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions! |
|
|
scomil (OP)
Newbie
Offline
Activity: 15
Merit: 0
|
|
October 02, 2012, 08:40:02 PM |
|
The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard. Anything to worry about?
Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor. Thank you. Answer I was looking for. Satoshi sure knew his stuff. |
|
|
|
|
|
picobit
|
|
October 03, 2012, 08:02:02 AM |
|
Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.
So there is a backdoor, and you know what it is?  |
|
|
|
|
Foxpup
Legendary
Offline
Activity: 4354
Merit: 3042
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
October 03, 2012, 08:38:07 AM |
|
So there is a backdoor, and you know what it is? There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there? |
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions! |
|
|
|
AndyRossy
|
|
October 03, 2012, 10:21:36 AM |
|
So there is a backdoor, and you know what it is? There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there? Sounds like a trap. |
|
|
|
|
|
