Kristian Gjøsteen <kristian.gjost...@math.ntnu.no> writes:

>(For what it's worth, I discounted the press reports about a trapdoor in
>Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I
>was wrong.)

+1.  It's the Vinny Gambini effect (from the film My Cousin Vinny):

  Judge Haller: Mr. Gambini, didn't I tell you that the next time you appear
        in my court that you dress appropriately?
  Vinny: You were serious about dat? 

And it's not just Dual-EC-DRBG that triggers the "You were serious about dat?" 
response, there are a number of bits of security protocols where I've been... 
distinctly surprised that anyone would actually do what the spec said.

(Having said that, I've also occasionally been pleasantly surprised when, by 
unanimous unspoken consensus among implementers, everyone ignored the spec and 
did the right thing).

