Georgi Guninski <[email protected]> writes:

>Even if "affected implementations would be approximately zero",
>can we count this as "crypto backdoored RFC" as per OP?

Oh sure, it's definitely broken.  OTOH I'm not sure if it's a deliberate
backdoor, the whole thing is such a bad design to begin with that something
like this is really just the icing on the cake.

It may be worth submitting an erratum to the RFC that mentions the problem,
just in case anyone is actually crazy enough to want to implement this in the
future.

Peter.
