[Cryptography] [cryptography] SSH uses secp256/384r1 which has the same parameters as what's in SEC2 which are the same the parameters as specified in SP800-90 for Dual EC DRBG!
Perry E. Metzger
perry at piermont.com
Mon Sep 9 18:03:14 EDT 2013
On Mon, 9 Sep 2013 14:07:58 +0300 Alexander Klimov
<alserkli at inbox.ru> wrote:
> On Mon, 9 Sep 2013, Daniel wrote:
> > Is there anyone on the lists qualified in ECC mathematics that can
> > confirm that?
> NIST SP 800-90A, Rev 1 says:
> The Dual_EC_DRBG requires the specifications of an elliptic curve
> and two points on the elliptic curve. One of the following NIST
> approved curves with associated points shall be used in
> applications requiring certification under [FIPS 140]. More details
> about these curves may be found in [FIPS 186], the Digital
> Signature Standard.
> > And what ramifications it has, if any..
> No. They are widely used curves and thus a good way to reduce
> conspiracy theories that they were chosen in some malicious way to
> subvert DRBG.
Er, don't we currently have documents from the New York Times and the
Guardian that say that in fact they *did* subvert them?
Yes, a week ago this was paranoia, but now we have confirmation, so
it is no longer paranoia.
Perry E. Metzger perry at piermont.com
More information about the cryptography