[Cryptography] RSA is dead.

William Allen Simpson william.allen.simpson at gmail.com
Mon Dec 23 03:33:42 EST 2013


http://www.theregister.co.uk/2013/12/23/rsa_nsa_response/

   "We made the decision to use Dual EC DRBG as the default in
   BSAFE toolkits in 2004, in the context of an industry-wide
   effort to develop newer, stronger methods of encryption. At
   that time, the NSA had a trusted role in the community-wide
   effort to strengthen, not weaken, encryption."

The NSA has *NEVER* been trusted to strengthen security!

Have we forgotten their multi-year effort in the '90s to suborn
key management?  40-bit keys?  Weakening IPsec?  Trying to
prevent SSH from distribution?

   "The carefully worded post, which avoids discussing whether or
   not the company actually took the NSA's $10m, ...."

That itself is an indictment of RSA.  If they are concealing
taking money, then they knew it was wrong.

It's time to DigiNotar RSA.

