Author Topic: Schneier in the Guardian: all your coinz is belong to them?  (Read 2826 times)
niko
September 08, 2013, 03:43:59 AM
 #21

Bitcoin uses standard, NIST (and likely NSA) recommended curve parameters. Are these chosen based on some rationale, or just chosen, ahem, randomly by, ahem, unknown people? Was there any obvious danger in using different constants?

marcus_of_augustus
September 08, 2013, 06:03:23 AM
 #22

I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.

The latest revelations make either choice unwise.

The NSA cannot be trusted to be acting in good faith in ANYTHING it produces. Mathematicians/engineers who have done this kind of subterfuge should be deeply ashamed of themselves; producing error-ridden material and/or knowingly broken mathematics as your "best effort contribution to human progress" is about as low as you can go on the scientific ethics scale.

tvbcof
September 08, 2013, 06:49:54 AM
 #23

I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.

The latest revelations make either choice unwise.

The NSA cannot be trusted to be acting in good faith in ANYTHING it produces. Mathematicians/engineers who have done this kind of subterfuge should be deeply ashamed of themselves; producing error-ridden material and/or knowingly broken mathematics as your "best effort contribution to human progress" is about as low as you can go on the scientific ethics scale.

I would not say that categorically.  The NSA and more generally elements of the US's intelligence, military and diplomatic bodies need secure tools and methods as much as anyone.  That said, they also have more reason than, say, academics to wish to subvert and exploit the communications and systems of others so I would treat everything they've influenced with a _large_ degree of suspicion.

This reminds me of one of the more amusing ways to detect if one's systems have been hacked:  Security issues are miraculously and inexplicably fixed.

I also do not think it is a stretch for a lot of people to earnestly believe that they are doing good and necessary work by subverting systems on behalf of the US government.  For many others it's probably just a job or some combination of the two factors.  I disagree at this point in my life that the kind of subversion that the NSA is accused of is a net positive in part because I think the results are almost certain to be used for nefarious purposes and to the detriment of most of the population at some point, but I didn't always feel that way.


hashman (OP)
September 08, 2013, 07:16:52 AM
 #24

The reason he mentions constants and EC is because of this:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

Thanks for the link.. but I'm not sure that's what he was talking about in the Guardian piece.  It seems he was referring to asymmetric encryption or digital signature algos.. at least, I'm not aware of a standard random number generator that uses discrete logs.

I'm surprised there aren't any DSA altcoins yet.


That statement is not an allegation. He says "prefer," not "omg public key cryptography is hacked!"

 

In any case, my apologies for the overly provocative subject title.

virtualmaster
September 08, 2013, 12:24:17 PM
 #25

I found it amazing that someone like him would still be using Windows.
It can be useful to have a Windows test version installed on your laptop as the dual-boot default.
If somebody is very insistent on seeing your laptop (a family member, a friend or border control), you can do a default start and let him see the Windows test version, which cannot see the ext3 and ext4 partitions (without additional drivers).
Using Windows in a VM can also be useful if you need a program which doesn't exist as native Linux.

niko
September 08, 2013, 02:23:54 PM
 #26

I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software, particularly that written by Microsoft or Apple.

Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.

The latest revelations make either choice unwise.

The NSA cannot be trusted to be acting in good faith in ANYTHING it produces. Mathematicians/engineers who have done this kind of subterfuge should be deeply ashamed of themselves; producing error-ridden material and/or knowingly broken mathematics as your "best effort contribution to human progress" is about as low as you can go on the scientific ethics scale.

Articles also mention hardware backdoors and other weaknesses being implanted by NSA agents. This is in addition to purposefully weakened crypto standards, examples of a Windows OS backdoor (_NSAKEY), a backdoored "standard" PRNG (dual_EC_DRBG), etc.
It appears that the NSA is not in the business of national security, but in the business of mass surveillance and subversion of good, public crypto. Their "recommendations" of any specific constants or crypto techniques should be seen in this light.
I don't think they particularly care about Bitcoin - they might if it ever becomes significant in international trade - but Bitcoin may become collateral damage if secp256k1 was in any way influenced by the NSA shills at SECG. If secp256k1 does not include nothing-up-my-sleeve numbers, we have every reason to ask for an expert review.

