On 22/09/13 16:43 PM, Jerry Leichter wrote:
On Sep 20, 2013, at 2:08 PM, Ray Dillinger wrote:
More fuel for the fire...
RSA today declared its own BSAFE toolkit and all versions of its
Data Protection Manager insecure, recommending that all customers
immediately discontinue use of these products....
Wow. You took as holy writ on a technical matter a pronouncement of the
Etc. Yes, we expect the company to declare itself near white, and the
press to declare it blacker than the ace of spaces.
Meanwhile, this list is about those who know how to analyse this sort of
stuff, independently. So...
... But they made Dual EC DRBG the default ...
I don't see a lot of distance between choosing Dual_EC as default, and
the conclusion that BSAFE & user-systems are insecure.
The question that remains is, was it an innocent mistake, or were they
influenced by NSA?
We don't have much solid evidence on that. But we can draw the dots,
and a reasonable judgement can fill the missing pieces in.
The cryptography mailing list