undefined | Better HN

0 pointsanonym292y ago0 comments

^ this post brought to you by RSA, ANSI, ISO, NIST, the NSA, and the authors of DUAL_EC_DRBG

0 comments

... Which iirc was immediately identified as suspicious during auditing.

a13692099932y ago

And yet became a official standard anyway, and was occasionally actually used, despite the fact that is was obviously backdoored to anyone who knew anything about (elliptic-curve) cryptography. (It's literally a textbook-exercise leaky RNG, of the sort that you would find under "Exercise: create a elliptic-curve-based RNG that leaks seed bits within N bytes of random data." in a actual cryptography textbook.)

tptacek2y ago

You don't really need to understand elliptic curves to understand Dual EC. It's a public key RNG. The vulnerability is that there's a matching private key.

1 more reply

anonym29OP2y ago

The assertion I was refuting was that they couldn't be easily inserted into an audited library, not that they wouldn't be detected.

j / k navigate · click thread line to collapse