Slashdot Mirror


Dual_EC_DRBG Backdoor: a Proof of Concept

New submitter Reliable Windmill sends this followup to the report that RSA took money from the NSA to use backdoored tech for random number generation in encryption software. From the article: "Dual_EC_DRBG is a pseudo-random number generator promoted by NIST in NIST SP 800-90A and created by NSA. This algorithm is problematic because it has been made mandatory by the FIPS norm (and should be implemented in every FIPS-approved software) and some vendors even promoted this algorithm as first source of randomness in their applications. If you still believe Dual_EC_DRBG was not backdoored on purpose, please keep reading. ... It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced on purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed. It is obviously complete madness to use the reference implementation from NIST"
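The mechanism the summary alludes to, shown as an added example that is not from the linked article, from NIST's reference code, or from any vendor: a toy Dual_EC_DRBG over a 13-bit curve (constructed for this example, not a standard curve) with a planted relation P = d*Q between the two public points, and the trapdoor holder's attack that turns one truncated output into the generator's next internal state. This is the observation Shumow and Ferguson presented at the CRYPTO 2007 rump session. All names, constants and the seed (P_MOD, D_SECRET, recover_state, 4242) are assumptions for this example. The P-256 version has the same structure except that each output drops the top 16 of 256 bits, so the attacker brute-forces 2^16 candidate x-coordinates instead of the 8 tried here.

```python
"""Toy Dual_EC_DRBG with a planted trapdoor (added example; constructed 13-bit curve)."""
import math

# Constructed toy curve y^2 = x^3 + A*x + B over GF(P_MOD).  P_MOD = 2^13 - 1 is prime
# and == 3 (mod 4), so square roots are a single modular exponentiation.
P_MOD, A, B = 8191, 1, 7
FIELD_BITS, TRUNC_BITS = 13, 3          # P-256 drops 16 of 256 bits; here 3 of 13
OUT_BITS = FIELD_BITS - TRUNC_BITS
OUT_MASK = (1 << OUT_BITS) - 1

def mod_sqrt(v):
    """Square root mod P_MOD, or None if v is a non-residue."""
    y = pow(v, (P_MOD + 1) // 4, P_MOD)
    return y if y * y % P_MOD == v % P_MOD else None

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def x_of(pt):
    """phi(): x-coordinate as an integer (0 for infinity; negligible at real sizes)."""
    return 0 if pt is None else pt[0]

def point_order(pt):
    n, acc = 1, pt
    while acc is not None:
        acc = ec_add(acc, pt)
        n += 1
    return n

def find_generator():
    """First curve point whose order is large enough for the toy to be meaningful."""
    for x in range(1, P_MOD):
        y = mod_sqrt((x ** 3 + A * x + B) % P_MOD)
        if y is not None and point_order((x, y)) > P_MOD // 4:
            return (x, y)
    raise ValueError("no suitable point on the toy curve")

# Public constants as a standard would print them: base point P and "just another point" Q.
P_GEN = find_generator()
ORDER = point_order(P_GEN)
# The trapdoor (assumed here): Q = E_SECRET * P and D_SECRET = E_SECRET^-1, so D_SECRET*Q = P.
E_SECRET = next(e for e in range(3, ORDER) if math.gcd(e, ORDER) == 1)
D_SECRET = pow(E_SECRET, -1, ORDER)
Q_PT = ec_mul(E_SECRET, P_GEN)
assert ec_mul(D_SECRET, Q_PT) == P_GEN

class DualEC:
    """SP 800-90A generate step: s = x(s*P); r = x(s*Q); emit r with its top bits dropped."""
    def __init__(self, seed):
        self.s = seed
    def generate(self):
        self.s = x_of(ec_mul(self.s, P_GEN))
        return x_of(ec_mul(self.s, Q_PT)) & OUT_MASK

def recover_state(outputs, d):
    """Trapdoor holder's attack.  outputs[0] = r1 enumerates candidate points R = s1*Q
    (the dropped high bits are brute-forced); d*R = s1*(d*Q) = s1*P, whose x-coordinate
    is the NEXT state s2.  Later outputs weed out wrong candidates.  Returns candidate s2."""
    r1, rest = outputs[0], outputs[1:]
    found = []
    for hi in range(1 << TRUNC_BITS):
        x = (hi << OUT_BITS) | r1
        if x >= P_MOD:
            continue
        y = mod_sqrt((x ** 3 + A * x + B) % P_MOD)
        if y is None:
            continue                    # not the x-coordinate of any curve point
        # The sign of y is irrelevant: d*(-R) = -(d*R) has the same x-coordinate.
        s2 = x_of(ec_mul(d, (x, y)))
        if x_of(ec_mul(s2, Q_PT)) & OUT_MASK != rest[0]:
            continue
        clone = DualEC(s2)
        if all(clone.generate() == r for r in rest[1:]):
            found.append(s2)
    return found

if __name__ == "__main__":
    victim = DualEC(seed=4242)
    seen = [victim.generate() for _ in range(3)]
    (s2,) = recover_state(seen, D_SECRET)
    clone = DualEC(s2)
    clone.generate()                    # resync: this call reproduces seen[2]
    print("victim:", [victim.generate() for _ in range(4)])
    print("clone: ", [clone.generate() for _ in range(4)])
```

Nothing in the published constants reveals whether such a d exists; the only defence is to generate Q yourself (the amended standard's optional procedure) or, as the article concludes, not use Dual_EC_DRBG at all. Note that the attacker never solves a discrete logarithm: recovering s1 from R would be hard, but the trapdoor hands over s2 directly.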

3 of 201 comments

  1. Re:More interesting facts by cold+fjord · Score: -1, Flamebait

    In short, as is the case with many conspiracy theories all you have is a collection of things that are suggestive, not definitive. You basically concede that if you implement the amended standard the crypto is good. Nobody has found any proof that a backdoor actually exists, only that it may be possible. Even if it is possible, nothing shows that NSA actually has one. The things that you've collected could support many possible theories, including the possibility that NSA only paid RSA to promote what appeared to be a highly promising crypto technology. For all that anybody actually knows the NSA could have chosen the form of the curve with the perceived potential backdoor as a spoof to entice Russia or China to waste a large compute farm trying to find the backdoor when it doesn't exist, and it could otherwise be working on something productive. There isn't any way of knowing, and Bruce Schneier has said that Snowden's leaks don't show that NSA has weakened crypto. Snowden himself said that protecting your data with cryptography still works. Somehow I doubt any of that will make it in with your "updates" to Wikipedia.

    By the way, did you hear that NSA "fiddled" with the DES standard? They made mysterious changes to the proposed S-boxes to the standard. Any idea what happened there?

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  2. Re:Another view on teh RSA / NSA thing... by cold+fjord · Score: 0, Flamebait

    Now change that one word from "known" to "unknown". Did they deny that?

    I can play that game too. Change that one word from "known" to "fried chicken recipe." Did they deny that?

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  3. Re:Bah by Darinbob · Score: -1, Flamebait

    I don't trust the article for one. I'm as paranoid as everyone else around here, but I don't think the NSA cooperated with RSA to put in a backdoor here, no matter how much Saint Snowden claims. If the NSA had such a backdoor it would be an extremely well kept secret and not left around where any low level junior contractor like Snowden would stumble across it.