Nobody may have used Dual_EC_DRBG "in the first place" (since of course it didn't exist before it was proposed), but that doesn't mean that nobody used it.
"in the first place" meaning "since it was proposed in 2004".
Despite its terrible performance, RSA's BSAFE library used Dual_EC_DRBG as the default CSPRNG for 9 years (most of them well after Shumow and Ferguson's results), removing it only in 2013 when forced to by leaked documents confirming the backdoor:
Yes, but strangely, despite the fact OpenSSL's Dual_EC_DRBG support never worked outside of the test harness, nobody ever filed a ticket against OpenSSL demanding Dual_EC_DRBG be fixed. BSAFE may have used it by default (much to RSA's shame, and they deserve to spend a long, long time living it down), but BSAFE isn't anywhere near as big of a player in the market as OpenSSL is. The two biggest players in that area are Microsoft, which supported it but not by default, and OpenSSL. But I agree, saying that "nobody used it" was going a little far. I think it's accurate to say very few people used it.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users