Russ Housley <hous...@vigilsec.com> writes:

>I thought people on this list would find this article interesting:
>http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-may-be-intentional-eavesdropping-backdoor/

If you read the discussion around that it's far more likely to be due to
incompetence.  The flawed 1024-bit prime was replacing the 512-bit prime that
had been in use until then, and the guy who made the change was asking for
help with various other things which indicated he wasn't the most capable
developer (I don't have the links any more but it was linked off a thread on
ycombinator).  It just looks like standard badly-done crypto; they also do
things like tell you how to set up the SSL tunnel without any mention of
validating certs so it's unlikely they check those, and various other signs
that they're not doing the crypto too well.

Peter.
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
