[Cryptography] Opening Discussion: Speculation on "BULLRUN"
Perry E. Metzger
perry at piermont.com
Thu Sep 5 19:35:37 EDT 2013
On Thu, 5 Sep 2013 19:14:53 -0400 John Kelsey <crypto.jmk at gmail.com>
> First, I don't think it has anything to do with Dual EC DRBG. Who
> uses it?
It did *seem* to match the particular part of the story about a
subverted standard that was complained about by Microsoft
researchers. I would not claim that it is the most important part of
> My impression is that most of the encryption that fits what's in
> the article is TLS/SSL.
Yes, and if they have a real hole there they're exploiting, that is
quite disturbing. If they're merely using a hodge-podge of techniques
to get keys, it is less worrying.
> Where do the world's crypto random numbers come from? My guess is
> some version of the Windows crypto api and /dev/random
> or /dev/urandom account for most of them.
I'm starting to think that I'd probably rather type in the results of
a few dozen die rolls every month into my critical servers and let
AES or something similar in counter mode do the rest.
A d20 has a bit more than 4 bits of entropy. I can get 256 bits with
64 die rolls, or, if I have eight dice, 16 rolls of the group. If I
mistype when entering the info, no harm is caused. The generator can
be easily tested for correct behavior if it is simply a block cipher.
> What does most of the world's TLS? OpenSSL and a few other
> libraries, is my guess. But someone must have good data about this.
> My broader question is, how the hell did a sysadmin in Hawaii get
> hold of something that had to be super secret? He must have been
> stealing files from some very high ranking people.
I believe there was already discussion in the press on that latter
point, but I think it is less germane to our discussion here and
would prefer that we avoid speculating on things that are only of
Perry E. Metzger perry at piermont.com
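The dice-seeded generator sketched in the message above, written out as an added example (this is not code from the thread or from any library it mentions). It assumes the rolls are condensed into a 256-bit AES key by hashing their canonical encoding with SHA-256 (the message only says "AES in counter mode", not how the key is formed), that the counter starts from a zero nonce, and that the sample rolls are a constructed string rather than real dice output. It also shows the point about testability: because the generator is just AES-256 in CTR mode, the cipher can be checked against the FIPS 197 known-answer vector before any output is trusted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// EntropyPerRoll returns log2(sides): the bits of entropy in one fair roll.
// For a d20 this is about 4.32, matching the "a bit more than 4 bits" in the thread.
func EntropyPerRoll(sides int) float64 {
	return math.Log2(float64(sides))
}

// RollsNeeded returns how many fair rolls of a die with the given number of
// sides accumulate at least targetBits of entropy.
func RollsNeeded(sides int, targetBits float64) int {
	return int(math.Ceil(targetBits / EntropyPerRoll(sides)))
}

// ParseRolls reads whitespace-separated die results and rejects any value
// outside 1..sides, so a typo produces an error instead of a weaker seed.
func ParseRolls(input string, sides int) ([]int, error) {
	var rolls []int
	for _, f := range strings.Fields(input) {
		v, err := strconv.Atoi(f)
		if err != nil || v < 1 || v > sides {
			return nil, fmt.Errorf("invalid roll %q for a d%d", f, sides)
		}
		rolls = append(rolls, v)
	}
	return rolls, nil
}

// SeedFromRolls hashes the rolls (one byte each, so the encoding is canonical)
// into a 256-bit AES key, refusing to proceed if the rolls carry under 256 bits.
// Assumption: SHA-256 is the condensing step; the thread does not specify one.
func SeedFromRolls(rolls []int, sides int) ([]byte, error) {
	if float64(len(rolls))*EntropyPerRoll(sides) < 256 {
		return nil, fmt.Errorf("only %d rolls; need %d for 256 bits", len(rolls), RollsNeeded(sides, 256))
	}
	h := sha256.New()
	for _, r := range rolls {
		h.Write([]byte{byte(r)})
	}
	return h.Sum(nil), nil
}

// Generate produces n bytes by running AES-256 in counter mode from a zero
// nonce over zero plaintext, i.e. it returns the raw keystream.
func Generate(key []byte, n int) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // assumption: counter starts at zero
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return out, nil
}

// KnownAnswerCheck verifies the block cipher against the AES-256 example in
// FIPS 197 Appendix C.3, which is what makes the generator easy to test.
func KnownAnswerCheck() bool {
	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
	pt, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	const want = "8ea2b7ca516745bfeafc49904b496089"
	block, err := aes.NewCipher(key)
	if err != nil {
		return false
	}
	ct := make([]byte, aes.BlockSize)
	block.Encrypt(ct, pt)
	return hex.EncodeToString(ct) == want
}

func main() {
	if !KnownAnswerCheck() {
		fmt.Println("AES known-answer test failed; refusing to generate output")
		return
	}
	// Constructed sample input: 64 d20 results typed in as a string (not real rolls).
	sample := strings.Repeat("7 19 3 12 20 1 14 8 ", 8)
	rolls, err := ParseRolls(sample, 20)
	if err != nil {
		fmt.Println(err)
		return
	}
	key, err := SeedFromRolls(rolls, 20)
	if err != nil {
		fmt.Println(err)
		return
	}
	out, _ := Generate(key, 32)
	fmt.Printf("d20: %.2f bits per roll, %d rolls for 256 bits\n", EntropyPerRoll(20), RollsNeeded(20, 256))
	fmt.Printf("first 32 generator bytes: %x\n", out)
}
```

Running it prints the entropy figures and the first 32 keystream bytes for the constructed rolls. The ceiling on rolls comes out at 60 for a d20, slightly under the 64 the message uses; the extra rolls are margin, which costs nothing since a mistyped digit only changes the key rather than shrinking the search space, as long as the roll count still clears 256 bits.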