-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/09/13 19:25, Maxim Kammerer wrote: > I don't see any evidence of said shift in priorities. NSA > supported escrowed encryption in the 90's, and the alleged > subversion of standards is most likely similar to escrowed > encryption, but at the algorithmic level [1], where an adversary > gaining access to key escrow requires computational / cryptanalysis > effort that's equivalent to breaking the cryptosystem in question. > > [1] https://en.wikipedia.org/wiki/Dual_EC_DRBG
Depends on what you mean by breaking the cryptosystem. Cracking all instances of the Dual EC DRBG takes equivalent effort to cracking a single instance of a backdoor-free elliptic curve cryptosystem. http://rump2007.cr.yp.to/15-shumow.pdf So the analogy with key escrow is a bit strained. With key escrow, the adversary has to crack every key individually, whereas with a backdoor the adversary only has to crack a single key to compromise all users. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJSKlLAAAoJEBEET9GfxSfMr9cH/10ZDmMVU+izR62V3KgcKHOT dJ+HwF0gkJ0FxeBd2xVA47XHbU3Shnni23XdJhS9l7YPlQdSGt07nu3O1srYALYg a4vt/OCbkREov9F92OpAEsmkTFw0b2eE4+AwTjU5cJ6KnZ2zm7Fr312Z4m5D4SKQ h2YNNzXimFCQ4GtTZvelqd7gYfpY7P6TFZWVz5uPqLAaX444Fo8ZsH6u6F4vlJMa /gxDPjXS+5yPHHeYvsHjiiRBBcBYM4SfkmM2emuuOVOdmQOWmD4zRdHjXR82kYca ZXpZnzXcfqZ5uma5n4tYXuexs+hjt88KCZQ5uBxwE8JMCxn0uyszsWHuazzrf6k= =SzwW -----END PGP SIGNATURE----- -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
