Forwarding because Adam apparently has distinct envelope and From: addresses and didn't notice the bounce.
Note that anyone replying and attributing this message to *me* will be laughed at mercilessly as their message is rejected.

Perry

Begin forwarded message:

Date: Tue, 10 Sep 2013 13:42:57 +0200
From: Adam Back <[email protected]>
To: "Perry E. Metzger" <[email protected]>
Cc: Alexander Klimov <[email protected]>, Cryptography List <[email protected]>, Adam Back <[email protected]>
Subject: Re: [Cryptography] how could ECC params be subverted & other evidence

Perry wrote:
> The Times reported that a standard [...] had been subverted, and
> there had been much internal congratulation in a memorandum.
>
> [...] This was only an example, the context in the Guardian and the
> Times made it clear others are probably lurking.

The important potential backdoor is NIST 186-3 curves in Peter Fairbrother's reply, and I think that would be a good place to focus analysis. (DRBG is largely irrelevant due to its suspected compromised state since 2007, and very limited use. It is also a different type of issue - not backdoored curves, arguably backdoored parameters).

I would like to hear also from other readers, who may have a deeper understanding of EC math and parameter selection.

I do think people should be careful to distinguish between three things:

1. political "confirmed" backdoor claims from whistleblower documents as interpreted by journalists (technical articles by e.g. Schneier exempted);

2. possible backdoor (showing that a parameter or key generation lacks sufficient fairness in its generation);

3. actual verifiable sabotage (the actual backdoor keys, previously unpublished implausible design failure, software backdoor etc.).

We need accuracy because once the dust has settled people will be making crypto protocol design & implementation decisions based on what is concluded. Speculate away, but be clear.

Adam

_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
