> the motivation behind those requests is risible.
It is quite hilarious that NIST suckered the industry into actually using Dual-EC, despite being worse than the other possible choices in nearly every respect. And this ignores the fact that the backdoor was publicly known for years. This actually happened; it’s not a joke.
The motivation behind the FOIA requests is to attempt to see whether any funny business is going on with PQ crypto.
If the NSA actually suckers any major commercial player into using a broken PQ scheme without a well-established classical scheme as a backup, that will be risible too.
Dual_EC keeps getting brought up, but I have to ask: does anybody have any real evidence that it was widely deployed? My recollection is that it basically didn't appear anywhere outside of a handful of not-widely-used FIPS-certified libraries, and wasn't even the default in any of them except RSA's BSAFE.
The closest thing we have to evidence that Dual_EC was exploited in the wild seems to be a bunch of circumstantial evidence around its role in the OPM hack which, if true, is much more of a "self own" than anything else.
It was widely deployed. NSA got it into BSAFE, which I would have said "nobody uses BSAFE, it's not 1996 anymore", but it turned out a bunch of closed-source old-school hardware products were using BSAFE. The most notable BSAFE victims were Juniper/Netscreen.
Everybody who claimed Dual EC was a backdoor was right, and that backdoor was materially relevant to our industry. I couldn't believe something as dumb as Dual EC was a real backdoor; it seemed like such idiotic tradecraft. But the belief that Dual EC was so bad as tradecraft that it couldn't be real was, apparently, part of the tradecraft! Bernstein is right about that (even if he came to the conclusion at basically the same time as everyone else --- like, the instant you find out Juniper/Netscreen is using Dual EC, the jig is up).
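An added example, not from any commenter in this thread, of the trapdoor the comment above is describing: a toy Dual_EC_DRBG over a small made-up curve, with the relation P = e*Q planted on purpose. Everything here is constructed for illustration (the 31-bit prime, the curve coefficients, the secret e, the seed, and dropping 4 bits per output); the real generator ran on NIST P-256 with the published P and Q and dropped 16 of the 256 x-coordinate bits, so the attacker brute-forces 2^16 fill-ins there rather than the 16 here. The point it shows is the one that made the backdoor a backdoor: whoever knows e turns a single output back into the generator's next internal state, and from then on predicts every output.

```python
"""Toy Dual_EC_DRBG with the trapdoor P = e*Q, and the state recovery it
enables.  Added example: made-up curve and constants, NOT NIST P-256 and
NOT the published P/Q points."""

# Curve y^2 = x^3 + A*x + B over GF(PRIME). PRIME = 2^31 - 1 is 3 mod 4,
# so a modular square root is a single exponentiation.  (All constructed.)
PRIME = 2**31 - 1
A, B = 7, 13                      # arbitrary, non-singular
BITS = 31                         # every x-coordinate fits in 31 bits
DROP = 4                          # bits dropped per output (real Dual_EC: 16 of 256)
OUT_MASK = (1 << (BITS - DROP)) - 1

def inv(v):
    return pow(v, PRIME - 2, PRIME)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % PRIME
    else:
        lam = (y2 - y1) * inv(x2 - x1) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return (x3, (lam * (x1 - x3) - y1) % PRIME)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def lift_x(x):
    """A curve point with x-coordinate x, or None if there is none."""
    rhs = (x * x * x + A * x + B) % PRIME
    y = pow(rhs, (PRIME + 1) // 4, PRIME)
    return (x, y) if y * y % PRIME == rhs else None

# Q: first point found by scanning x.  P: planted so that P = e*Q, with e
# known only to whoever chose the constants (constructed secret; the real
# standard published P and Q without saying how Q was derived).
Q = next(pt for pt in map(lift_x, range(1, 1000)) if pt is not None)
SECRET_E = 0x1337C0DE
P = mul(SECRET_E, Q)

def predict(s, n):
    """Outputs from internal state s: out_i = trunc(x(s_i*Q)), s_{i+1} = x(s_i*P)."""
    outs = []
    for _ in range(n):
        outs.append(mul(s, Q)[0] & OUT_MASK)
        s = mul(s, P)[0]
    return outs

def generate(seed, n):
    """Honest use: the first state update is s_1 = x(seed*P)."""
    return predict(mul(seed, P)[0], n)

def recover_state(outputs, e):
    """Attacker holding e: for each fill-in of the dropped bits of outputs[0],
    lift to a point A = +-s_1*Q; then x(e*A) = x(s_1*P) = s_2, the state that
    produces every later output.  Candidates are confirmed against outputs[1:]."""
    found = []
    for hi in range(1 << DROP):
        x = (hi << (BITS - DROP)) | outputs[0]
        if x >= PRIME:
            continue
        a = lift_x(x)
        if a is None:
            continue
        e_a = mul(e, a)
        if e_a is None:
            continue
        s2 = e_a[0]
        if predict(s2, len(outputs) - 1) == outputs[1:]:
            found.append(s2)
    return found

def demo(seed=0x5EED, n=4):
    """Return (recovered states, true s_2) for a short output stream (constructed seed)."""
    outs = generate(seed, n)
    true_s2 = mul(mul(seed, P)[0], P)[0]
    return recover_state(outs, SECRET_E), true_s2
```

Run `demo()` and the attacker's list contains exactly the generator's true `s_2`; `predict(s_2, k)` then reproduces the next k outputs with no further information. Without e the same step is a discrete-log problem on the curve, which is exactly why the unexplained choice of Q mattered and why, as Shumow and Ferguson pointed out in 2007, the construction is only as trustworthy as the person who picked the constants.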
Not Dual EC, but ECDSA is used (by law) in EU smart tachograph systems for signing data.
> I believe the implication that NIST or NSA somehow bribed one of the PQC researchers to weaken a submission is risible.
Maybe you don't know what risible means, but it reads like you're saying that the NSA "somehow" coercing someone is unlikely, which I'm sure you can agree is a "very naive and trusting view".
Nowhere does the comment say that the NSA "somehow" coercing someone is unlikely. Hence, it's a fair question whether the comment had been comprehended, because it seems it hasn't in this thread. If comprehension begets intelligence, then conclusions born from misunderstanding exude stupidity.
And, dropping the pedantry, it's quite frustrating to be deliberately or casually or in whatever way misrepresented by drive-by commenters in an otherwise apt discussion thread. Your comment and the one tptacek responded to are patronizing and dismissive and really don't contribute to any interesting discourse on the topic. I think it's fair to dismiss stupid drive-by low-effort quips, personally.
No part of what I said had anything to do with what NSA would or wouldn't attempt to do.
If you don't understand what I wrote, ask questions. What you did instead was leap to stupid conclusions.
You used obscure language to make yourself look smart and dealt with the resulting confusion by calling people stupid instead of clarifying what was said. Please get your ego in order.
Maybe he does know what risible means and is in fact extremely well informed, much better informed than you are, to the point where offering sarcasm on the apparent basis of absolutely nothing but what you've learnt from the internet is actually not a valuable contribution to the conversation but instead embarrassing. Have you considered this possibility as well?