On Mon, Mar 31, 2014 at 12:45 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> The paper [2] also has more about exploiting dual-ec if you
> know a backdoor that I've not yet read really.
> [2] http://dualec.org/

That paper talks about servers.

What is the prevalence of Dual_EC on the client-side of TLS? Assuming most TLS usage involves RSA key transport -a fair assumption given the well-noted non-use of PFS until recent times- the client's RNG is more critical than the server's.

I realize that client-side prevalence is harder to measure. Still, since Dual_EC was in the Java and SChannel stacks, it seems reasonable to conclude that client-side Dual_EC penetration was quite high at its peak, but is that right?

Nico
--
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography