[Cryptography] [cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same the parameters as specified in SP800-90 for Dual EC DRBG!

Perry E. Metzger perry at piermont.com
Mon Sep 9 18:03:14 EDT 2013

On Mon, 9 Sep 2013 14:07:58 +0300 Alexander Klimov
<alserkli at inbox.ru> wrote:
> On Mon, 9 Sep 2013, Daniel wrote:
> > Is there anyone on the lists qualified in ECC mathematics that can
> > confirm that? 
> NIST SP 800-90A, Rev 1 says:
>  The Dual_EC_DRBG requires the specifications of an elliptic curve
> and two points on the elliptic curve. One of the following NIST
> approved curves with associated points shall be used in
> applications requiring certification under [FIPS 140]. More details
> about these curves may be found in [FIPS 186], the Digital
> Signature Standard.
> > And what ramifications it has, if any..
> No. They are widely used curves and thus a good way to reduce 
> conspiracy theories that they were chosen in some malicious way to 
> subvert DRBG.

Er, don't we currently have documents from the New York Times and the
Guardian that say that in fact they *did* subvert them?

Yes, a week ago this was paranoia, but now we have confirmation, so
it is no longer paranoia.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list