Re: [Cryptography] The hypothetical random number generator backdoor

On 23 September 2013 01:09, Phillip Hallam-Baker wrote: > So we think there is 'some kind' of backdoor in a random number generator. > One question is how the EC math might make that possible. Another is how > might the door be opened. Are you talking about http://en.wikipedia.org/wiki/Dual_EC_DR

Re: [Cryptography] RSA recommends against use of its own products.

On 24 September 2013 17:01, Jerry Leichter wrote: > On Sep 23, 2013, at 4:20 AM, ianG wrote: >>> ... But they made Dual EC DRBG the default ... >> >> At the time this default was chosen (2005 or thereabouts), it was *not* a >> "mistake". https://www.schneier.com/blog/archives/2007/11/the_stra

Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

On 02/10/13 18:42, Arnold Reinhold wrote: On 1 Oct 2013 23:48 Jerry Leichter wrote: The larger the construction project, the tighter the limits on this stuff. I used to work with a former structural engineer, and he repeated some of the "bad example" stories they are taught. A famous case a

Re: [Cryptography] What TLS ciphersuites are still OK?

On 10/09/13 15:58, james hughes wrote: On Sep 9, 2013, at 9:10 PM, Tony Arcieri mailto:basc...@gmail.com>> wrote: On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie mailto:b...@links.org>> wrote: And the brief summary is: there's only one ciphersuite left that's good, and unfortunately its only