Did NSA Put a Secret Backdoor in New Encryption Standard?

[scomil]

http://www.cyberwarzone.com/did-nsa-put-secret-backdoor-new-encryption-standard

"But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute."

Anything to worry about?

[notme]

Anything to worry about?

No.

[kiba]

NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid.

[Raoul Duke]

NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid.

Human history is full of stupid, you know?

[foggyb]

NSA is not always an evil organization.....

Well that's comforting.

[Foxpup]

The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard.

Anything to worry about?

Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.

[scomil]

The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard.

Anything to worry about?

Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.

Thank you. Answer I was looking for. Satoshi sure knew his stuff.

[picobit]

Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.

So there is a backdoor, and you know what it is?   

[Foxpup]

So there is a backdoor, and you know what it is?   

There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there?

[AndyRossy]

So there is a backdoor, and you know what it is?   

There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there?

Sounds like a trap.