On 24 September 2013 17:01, Jerry Leichter <[email protected]> wrote: > On Sep 23, 2013, at 4:20 AM, ianG <[email protected]> wrote:
>>> ... But they made Dual EC DRBG the default ... >> >> At the time this default was chosen (2005 or thereabouts), it was *not* a >> "mistake". https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html "Problems with Dual_EC_DRBG were first described in early 2006" With hindsight, it was definitely a mistake. The questions are whether they could or should have known it was a mistake at the time and whether the NSA played any part in the mistake, and whether they should have warned users and changed the default well before now. -- [email protected] http://www.chiark.greenend.org.uk/~armb/ _______________________________________________ The cryptography mailing list [email protected] http://www.metzdowd.com/mailman/listinfo/cryptography
