Over 16,547,281 people are on fubar.
What are you waiting for?

kisma Johnson's blog: " DId theNSA put a back door on encryption"

created on 11/17/2007  |  http://fubar.com/did-thensa-put-a-back-door-on-encryption/b155735
posted on 11/17/2007&nbs-08:00;@&nbs-08:00;05:11&nbs-08:00;am

You need to know this

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency. Generating random numbers isn't easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator. Another paper found flaws in the Linux random-number generator. Back in 1996, an early version of SSL was broken because of flaws in its random-number generator. With John Kelsey and Niels Ferguson in 1999, I co-authored Yarrow, a random-number generator based on our own cryptanalysis work. I improved this design four years later -- and renamed it Fortuna -- in the book Practical Cryptography, which I co-authored with Ferguson. The U.S. government released a new official standard for random-number generators this year, and it will likely be followed by software and hardware developers around the world. Called NIST Special Publication 800-90 (.pdf), the 130-page document contains four different approved techniques, called DRBGs, or "Deterministic Random Bit Generators." All four are based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. It's smart cryptographic design to use only a few well-trusted cryptographic primitives, so building a random-number generator out of existing parts is a good thing. But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.
Report as NSFW [?]
113 views     0 comments     view comments
Leave a comment!
html comments NOT enabled!
NOTE: If you post content that is offensive, adult, or NSFW (Not Safe For Work), your account will be deleted.[?]

giphy icon
Fort Myers, FL
last post
16 years ago
posts
1
views
301
can view
everyone
can comment
everyone
atom/rss

recent posts

other blogs by this author

 14 years ago
Just Gut Instinct
 14 years ago
Cosmic
 15 years ago
Atlantis
 15 years ago
adam and eve
 15 years ago
Life science
 15 years ago
Entities
 15 years ago
OM G I'M RICH!!!!!!!!!
 15 years ago
UFO's
see all blogs by this author
official fubar blogs
 8 years ago
fubar news by babyjesus  
 14 years ago
fubar.com ideas! by babyjesus  
 10 years ago
fubar'd Official Wishli... by SCRAPPER  
 11 years ago
Word of Esix by esixfiddy  

discover blogs on fubar

meet usterms of serviceprivacyfeedbackupdates
Copyright © 2024 Social Concepts, Inc. All Rights Reserved. Patent Pending.
blog.php' rendered in 0.0505 seconds on machine '190'.