Bitcoin Forum
October 20, 2017, 02:15:27 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: The NSA's breach of RSA Inc's crypto: My answer - avoid American crypto  (Read 471 times)
Severian
Sr. Member
****
Offline Offline

Activity: 476



View Profile
October 09, 2013, 11:26:14 PM
 #1

Quote
We now know -- on balance of probabilities -- that the NSA conducted a 3 phased attack on the crypto world. First step was to insert a dodgy random number generator (RNG) into a NIST standard, called Dual_EC. Second step was to convince major suppliers to implement and set that RNG as the default. Third step is: Profit! which is to say, defeat your crypto.

This step is effected by decrypting your traffic, knowing how the random numbers were fed into your protocol, and being able to predict them with some degree of crunchability. We have no information on that third step, but the information that has come out in the post-Snowden world is damning. We can conclude that this was a phased and deliberate approach.

What then to do? As Jon Callas of Silent Circle puts it:
Quote
The problem one faces with the BULLRUN documents gives a decision tree. The first question is whether you think they're credible. If you don't think BULLRUN is credible, then there's an easy conclusion -- stay the course. If you think it is credible, then the next decision is whether you think that the NIST standards are flawed, either intentionally or unintentionally; in short, was BULLRUN *successful*. If you think they're flawed, it's easy; you move away from them.
    The hard decision is the one that comes next -- I can state it dramatically as "Do you stand with the NSA or not?" which is an obnoxious way to put it, as there are few of us who would say, "Yes, I stand with the NSA." You can phrase less dramatically it as standing with NIST, or even less dramatically as standing with "the standard." You can even state it as whether you believe BULLRUN was successful, or lots of other ways.

Where do we stand? We need to answer a bunch of questions in order to get to a conclusion....

Article continued...

1508465727
Hero Member
*
Offline Offline

Posts: 1508465727

View Profile Personal Message (Offline)

Ignore
1508465727
Reply with quote  #2

1508465727
Report to moderator
1508465727
Hero Member
*
Offline Offline

Posts: 1508465727

View Profile Personal Message (Offline)

Ignore
1508465727
Reply with quote  #2

1508465727
Report to moderator
1508465727
Hero Member
*
Offline Offline

Posts: 1508465727

View Profile Personal Message (Offline)

Ignore
1508465727
Reply with quote  #2

1508465727
Report to moderator
Satoshi is no god. He did not come down from the mountain with 10 golden rules engraved in stone for no one to question.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508465727
Hero Member
*
Offline Offline

Posts: 1508465727

View Profile Personal Message (Offline)

Ignore
1508465727
Reply with quote  #2

1508465727
Report to moderator
some1
Sr. Member
****
Offline Offline

Activity: 364


667 one more than the devil


View Profile
October 10, 2013, 02:54:00 AM
 #2

Trust no one.
Blame on you, RSA & company!

Really really interesting read... Thank you for sharing Severian

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!