On Thu, Sep 5, 2013 at 4:57 PM, Perry E. Metzger <pe...@piermont.com> wrote:

> On Thu, 5 Sep 2013 16:53:15 -0400 "Perry E. Metzger"
> <pe...@piermont.com> wrote:
> > > Anyone recognize the standard?
> >
> > Please say it aloud. (I personally don't recognize the standard
> > offhand, but my memory is poor that way.)
> There is now some speculation in places like twitter that this refers
> to Dual_EC_DRBG though I was not aware that was widely enough deployed
> to make a huge difference here, and am not sure which international
> group is being mentioned. I would be interested in confirmation.

I believe it is Dual_EC_DRBG. The ProPublica

Classified N.S.A. memos appear to confirm that the fatal weakness,
discovered by two Microsoft cryptographers in 2007, was engineered by the
agency. The N.S.A. wrote the standard and aggressively pushed it on the
international group, privately calling the effort “a challenge in finesse.”

This appears to describe the NIST SP 800-90 situation pretty precisely. I
found Schneier's contemporaneous article to be good at refreshing my

 - Tim
The cryptography mailing list

Reply via email to