mashraqi

+1.408.FRANKMASH (408.372-6562)
[ This is my personal blog so all opinions expressed here are mine. I am a product, scalability, operations and monetization advisor and currently employed as Director of Business Operations & Technical Strategy for a top 50 website that delivers billions of page views per month. I was a keynote panelist for Scaling Up or Out keynote at MySQL Conference and speak regularly at conferences and user groups. ] 		Farhan "Frank" Mashraqi

Monday, December 17, 2007

Secret Backdoor in Dual_EC_DRBG (New Encryption Standard)

In an eye-opening post, Bruce Schneier describes the very scary back door that exists in a New Encryption Standard being put forward by NSA. Equally interesting is this PDF presentation that explains the back door in detail.
Even if no one knows the secret numbers, the fact that the backdoor is present makes Dual_EC_DRBG very fragile. If someone were to solve just one instance of the algorithm's elliptic-curve problem, he would effectively have the keys to the kingdom. He could then use it for whatever nefarious purpose he wanted. Or he could publish his result, and render every implementation of the random-number generator completely insecure.
So what do you have to worry about? Microsoft is adding this standard of random number generator in Windows Vista SP1. Here's Bruce's post.

Labels: , , , ,

posted by Frank at 2:23 PM

0 Comments:

Post a Comment

<< Home

contact me

  • View Farhan 'Frank' Mashraqi's profile on LinkedIn

Earlier

Popular Posts

Popular Tags

Conferences

  • Structure 08
  • Graphing Social Patterns - East 2008
  • Velocity Conference

Photos

Twitter Updates

    follow me on Twitter
    © 2006 The Mashraqi's.