Slashdot Mirror


Dual_EC_DRBG Backdoor: a Proof of Concept

New submitter Reliable Windmill sends this followup to the report that RSA took money from the NSA to use backdoored tech for random number generation in encryption software. From the article: "Dual_EC_DRBG is a pseudo-random number generator promoted by NIST in NIST SP 800-90A and created by NSA. This algorithm is problematic because it has been made mandatory by the FIPS norm (and should be implemented in every FIPS approved software) and some vendors even promoted this algorithm as first source of randomness in their applications. If you still believe Dual_EC_DRBG was not backdoored on purpose, please keep reading. ... It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced on purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed. It is obviously complete madness to use the reference implementation from NIST"

4 of 201 comments

  1. Amish by Anonymous Coward · Score: 5, Funny

    shun anything electronic, or electric for that matter. Subsistence farm and read dead-tree books for leisure.

    1. Re: Amish by Anonymous Coward · Score: 2, Funny

      Trees are the new Red-black!

      FTFY!

  2. Re:Bah by Anonymous Coward · Score: 3, Funny

    Ghostbusters!

  3. Re:Good article by Em+Adespoton · Score: 5, Funny

    Too bad I've already given up on Slashdot and left. Really, I'm not here. You don't see me.

    Weak are your Jedi powers, my son.