[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Tim Dierks tim at dierks.org
Thu Sep 5 17:14:39 EDT 2013


On Thu, Sep 5, 2013 at 4:57 PM, Perry E. Metzger <perry at piermont.com> wrote:

> On Thu, 5 Sep 2013 16:53:15 -0400 "Perry E. Metzger"
> <perry at piermont.com> wrote:
> > > Anyone recognize the standard?
> >
> > Please say it aloud. (I personally don't recognize the standard
> > offhand, but my memory is poor that way.)
>
> There is now some speculation in places like twitter that this refers
> to Dual_EC_DRBG though I was not aware that was widely enough deployed
> to make a huge difference here, and am not sure which international
> group is being mentioned. I would be interested in confirmation.


I believe it is Dual_EC_DRBG. The ProPublica
story<http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption>says:

Classified N.S.A. memos appear to confirm that the fatal weakness,
discovered by two Microsoft cryptographers in 2007, was engineered by the
agency. The N.S.A. wrote the standard and aggressively pushed it on the
international group, privately calling the effort “a challenge in finesse.”

This appears to describe the NIST SP 800-90 situation pretty precisely. I
found Schneier's contemporaneous article to be good at refreshing my
memory:
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

 - Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130905/7d11f4a7/attachment.html>


More information about the cryptography mailing list