[Cryptography] RSA recommends against use of its own products.

Alan Braggins alan.braggins at gmail.com
Wed Sep 25 10:45:45 EDT 2013

On 24 September 2013 17:01, Jerry Leichter <leichter at lrw.com> wrote:
> On Sep 23, 2013, at 4:20 AM, ianG <iang at iang.org> wrote:

>>> ...  But they made Dual EC DRBG the default ...
>> At the time this default was chosen (2005 or thereabouts), it was *not* a "mistake".

  "Problems with Dual_EC_DRBG were first described in early 2006"

With hindsight, it was definitely a mistake. The questions are whether
they could or should
have known it was a mistake at the time and whether the NSA played any
part in the mistake,
and whether they should have warned users and changed the default well
before now.

alan.braggins at gmail.com

More information about the cryptography mailing list