On Thu, 5 Sep 2013 19:14:53 -0400 John Kelsey <crypto....@gmail.com>
> First, I don't think it has anything to do with Dual EC DRGB.  Who
> uses it?

It did *seem* to match the particular part of the story about a
subverted standard that was complained about by Microsoft
researchers. I would not claim that it is the most important part of
the story.

> My impression is that most of the encryption that fits what's in
> the article is TLS/SSL.

Yes, and if they have a real hole there they're exploiting, that is
quite disturbing. If they're merely using a hodge-podge of techniques
to get keys, it is less worrying.

> Where do the world's crypto random numbers come from?  My guess is
> some version of the Windows crypto api and /dev/random
> or /dev/urandom account for most of them.

I'm starting to think that I'd probably rather type in the results of
a few dozen die rolls every month in to my critical servers and let
AES or something similar in counter mode do the rest.

A d20 has a bit more than 4 bits of entropy. I can get 256 bits with
64 die rolls, or, if I have eight dice, 16 rolls of the group. If I
mistype when entering the info, no harm is caused. The generator can
be easily tested for correct behavior if it is simply a block cipher.

> What does most of the  world's TLS?  OpenSSL and a few other
> libraries, is my guess.  But someone must have good data about this.
> My broader question is, how the hell did a sysadmin in Hawaii get
> hold of something that had to be super secret?  He must have been
> stealing files from some very high ranking people.  

I believe there was already discussion in the press on that latter
point, but I think it is less germane to our discussion here and
would prefer that we avoid speculating on things that are only of
human/gossip interest.

Perry E. Metzger                pe...@piermont.com
The cryptography mailing list

Reply via email to