Website review: Did NSA Put a Secret Backdoor in Ne...
cgsheldon discovered this in Computer Security
•9 reviews since Nov 14, 2007
computer-security, encryption
•wired.com/politics/security/commentary/securi...
Reviews of this website

Shiitake rated 7 months ago- From Bruce Schneier, noted expert on encryption. Who has the keys to the backdoor in Microsoft Windows Vista? From the page: "Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG [encryption]. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does. We don't know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there's no way for NIST -- or anyone else -- to prove otherwise."

Username2000 rated 9 months ago- From the page: "Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency."

AvangionQ rated 9 months ago- If this is true and some hacker figures it out, the NSA is going to experience some blowback over it ... that said and on a more personal note, I like to keep speculation to a minimum and focus on what can be proven ...

NeedsMoreCoffee rated 9 months ago- From the page: "What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG. The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem. Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does. We don't know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there's no way for NIST -- or anyone else -- to prove otherwise."

barrelhead rated 9 months ago- Commentary by Bruce Schneier

LeonZ rated 9 months ago- Who would have expected something like that from NIST and NSA. Har...

msaleem-stumbl rated 9 months ago- Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

LeonardoDaVinci rated 9 months ago- So what's all the hoo-dee-dah about random numbers, other than the obvious ones mentioned here? This: that there's really no such thing as a "truly" random number.

moookid rated 9 months ago- From the page: "you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG. The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem. Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does."