undefined | Better HN

0 pointsskinkestek4y ago0 comments

Just a quick thought:

I think it wasn't that long before that NSA had warned against some other crypto that was widely thought to be safe and everyone later realized that it had been a good thing.

Can it be that some people thought NSA were doing them a favour again?

0 comments

2 comments · 1 top-level

tptacek4y ago· 1 in thread

You're probably thinking of DES, which happened long before Dual EC (and long before many of the people working at RSA started their careers). But you can see that effect even today, for instance with NSA's "deprecation" of Suite B cryptography and the shade that cast over conventional elliptic curve cryptosystems.

I don't think one can reasonably defend adoption of Dual EC as somehow hedging a bet that NSA had found vulnerabilities in trivial block-based CSPRNGs, though. I think that decision was essentially indefensible, even at the time it was made; it's just more clearly batshit now than it was then.

skinkestekOP4y ago

Ok, thanks. I appreciate your opinion on it and guess you are right.

j / k navigate · click thread line to collapse