[Cryptography] RSA recommends against use of its own products.
Alan Braggins
alan.braggins at gmail.com
Wed Sep 25 10:45:45 EDT 2013
On 24 September 2013 17:01, Jerry Leichter <leichter at lrw.com> wrote:
> On Sep 23, 2013, at 4:20 AM, ianG <iang at iang.org> wrote:
>>> ... But they made Dual EC DRBG the default ...
>>
>> At the time this default was chosen (2005 or thereabouts), it was *not* a "mistake".
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
"Problems with Dual_EC_DRBG were first described in early 2006"
With hindsight, it was definitely a mistake. The questions are whether
they could or should
have known it was a mistake at the time and whether the NSA played any
part in the mistake,
and whether they should have warned users and changed the default well
before now.
--
alan.braggins at gmail.com
http://www.chiark.greenend.org.uk/~armb/
More information about the cryptography
mailing list