[Cryptography] RSA recommends against use of its own products.

Phillip Hallam-Baker hallam at gmail.com
Thu Sep 26 19:54:00 EDT 2013


On Wed, Sep 25, 2013 at 7:18 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Kristian Gjøsteen <kristian.gjosteen at math.ntnu.no> writes:
>
> >(For what it's worth, I discounted the press reports about a trapdoor in
> >Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I
> >was wrong.)
>
> +1.  It's the Vinny Gambini effect (from the film My Cousin Vinny):
>
>   Judge Haller: Mr. Gambini, didn't I tell you that the next time you appear
>         in my court that you dress appropriately?
>   Vinny: You were serious about dat?
>
> And it's not just Dual-EC-DRBG that triggers the "You were serious about dat?"
> response, there are a number of bits of security protocols where I've been...
> distinctly surprised that anyone would actually do what the spec said.
>

Quite, who on earth thought DER encoding was necessary or anything other
than incredible stupidity?

I have yet to see an example of code in the wild that takes a binary data
structure, strips it apart and then attempts to reassemble it to pass to
another program to perform a signature check. Yet every time we go through
a signature format development exercise the folk who demand
canonicalization always seem to win.

DER is particularly evil as it requires either the data structures to be
assembled in the reverse order or a very complex tracking of the sizes of
the data objects or horribly inefficient code. But XML signature just ended
up broken.


[Just found your ASN.1 dump tool and using it to debug my C# ASN.1 encoder,
OK so maybe ASN.1 is not terrible if I can put together a compiler in four
days but I am not using the Assanine 1 schema syntax and I am using my
personal toolchain]



> (Having said that, I've also occasionally been pleasantly surprised when, by
> unanimous unspoken consensus among implementers, everyone ignored the spec and
> did the right thing).
>

I have a theory that the NSA stooges are not the technical folk. Why on
earth would a world class expert want to spend their time playing silly
games sabotaging specs when they could have much more fun working inside
the NSA at Fort Meade or building stuff?

What I would do is to take a person who is a technical wannabe and provide
him with technical support and tell him to try to wheedle positions as a
document editor. Extra points if they manage to discourage participation by
folk with solid technical chops.


We saw something of the sort during the anti-spam efforts. I was sure at
the time that the spammers had folk paid to make the discussions as
acrimonious as possible.


-- 
Website: http://hallambaker.com/
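Added example, not code from Hallam-Baker's post or from anyone in the thread: a minimal DER encoder and a strict decoder in Python illustrating the two properties the post argues about. The length of every TLV precedes its content, so an encoder has to finish the inner objects before it can write the outer header (bottom-up assembly) or else pre-compute every size; and DER permits exactly one encoding per value (minimal length octets, no indefinite lengths), which is the canonical-form guarantee a strict verifier checks for. The tag values are the standard ASN.1 universal tags; the function names and the 200-byte sample payload are constructed for this example.

```python
# Added example (not from the original mailing-list post): a tiny DER
# encoder/decoder. Tags are standard ASN.1 universal tags; helper names and
# sample data are constructed here and belong to no particular library.

TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_SEQUENCE = 0x30


def der_length(n: int) -> bytes:
    """Definite-form length octets in the minimal (DER) form."""
    if n < 0x80:
        return bytes([n])                       # short form: one octet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body     # long form: count octet + big-endian size


def der_tlv(tag: int, content: bytes) -> bytes:
    """Emit tag, length, value. The length is only known once the content
    exists, which is the ordering constraint the post complains about."""
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value: int) -> bytes:
    """INTEGER: two's complement in the minimal number of octets."""
    n = max(1, (value.bit_length() + 8) // 8)   # +8 leaves room for the sign bit
    body = value.to_bytes(n, "big", signed=True)
    # Drop redundant leading 0x00 / 0xFF octets while the sign is preserved.
    while len(body) > 1 and ((body[0] == 0x00 and body[1] < 0x80)
                             or (body[0] == 0xFF and body[1] >= 0x80)):
        body = body[1:]
    return der_tlv(TAG_INTEGER, body)


def der_octet_string(data: bytes) -> bytes:
    return der_tlv(TAG_OCTET_STRING, data)


def der_sequence(*children: bytes) -> bytes:
    """SEQUENCE: every child must already be fully encoded (bottom-up order)."""
    return der_tlv(TAG_SEQUENCE, b"".join(children))


def parse_tlv(data: bytes, strict: bool = True):
    """Decode one TLV, returning (tag, content, remaining_bytes).

    strict=True enforces DER: non-minimal length octets are rejected, so a
    given value has exactly one accepted encoding (canonical form).
    strict=False accepts non-minimal definite lengths as BER does.
    Indefinite length (0x80) is rejected in both modes; it is never DER and
    this toy decoder does not implement end-of-contents handling."""
    if len(data) < 2:
        raise ValueError("truncated TLV header")
    tag, first = data[0], data[1]
    if first < 0x80:
        length, pos = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length is not allowed in DER")
    else:
        count = first & 0x7F
        if len(data) < 2 + count:
            raise ValueError("truncated length octets")
        size_octets = data[2:2 + count]
        length, pos = int.from_bytes(size_octets, "big"), 2 + count
        if strict and (size_octets[0] == 0x00 or length < 0x80):
            raise ValueError("non-minimal length encoding is not DER")
    if len(data) < pos + length:
        raise ValueError("truncated content")
    return tag, data[pos:pos + length], data[pos + length:]


def is_strict_der(data: bytes) -> bool:
    """True if one TLV parses under DER rules with no trailing bytes."""
    try:
        _, _, rest = parse_tlv(data, strict=True)
    except ValueError:
        return False
    return rest == b""


def demo() -> dict:
    """Build a nested structure; the outer header cannot be written until the
    inner SEQUENCE and the payload are complete."""
    inner = der_sequence(der_integer(1), der_integer(-129))
    payload = der_octet_string(b"A" * 200)    # constructed sample; forces long-form length
    outer = der_sequence(inner, payload)
    tag, content, rest = parse_tlv(outer)
    return {
        "inner": inner,
        "outer_header": outer[:len(outer) - len(content)],
        "outer_len": len(outer),
        "parsed_tag": tag,
        "rest": rest,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v if not isinstance(v, bytes) or len(v) < 16 else v[:16] + b"...")
```

`der_sequence` makes the constraint visible: it accepts only finished child encodings, so the outer `30 81 D4` header in `demo()` is the last thing produced even though it is the first thing on the wire. `parse_tlv` shows what canonicalization buys on the verifier side: `02 81 01 05` and `02 01 05` both decode to INTEGER 5 under BER, but only the second is accepted under DER, so a signature over the DER bytes covers exactly one representation.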