Dual EC: Anatomy of a NSA backdoor

[wintermute000]

The maths goes completely over my head but fascinating stuff nonetheless.



http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html

[deanwebb]

Actually, the maths weren't nearly as wonky as the ones presented at RSA Crypto sessions where academics present their papers.

Great article, and it provides the computational side of the adage that the USA is capable of many secret operations, but is incapable of keeping them all secret. Good help is hard to find, so the fact that there are what seem to be simple errors in a scheme doesn't get the NSA off the hook, in my view. Rather, it keeps them squarely in the sights, since they're all still human, capable of the same mistakes that I or any other human can make.

The fact that the outputs in the algorithm have a predictive function is a death knell in crypto. The whole point of crypto is to keep the attacker guessing. Once the attacker isn't guessing, the crypto is compromised. Of course, a wily attacker would keep ineffective attacks running, so that way the defender wouldn't get suspicious.

Saw a Pakistani comedian answer the question of death threats in an interesting way: "As long as I'm getting the death threats, I don't mind. It means the guy sending them is still on his computer, typing away. It's when they *stop* that I worry and take measures. It means he's not writing anymore and intends to *do* something."

PROTIP: If a set of attacks stops, don't breathe a sigh of relief. The attacker didn't give up. He just doesn't know how to cover his tracks all that well.