[Cryptography] RSA recommends against use of its own products.
kristian.gjosteen at math.ntnu.no
Wed Sep 25 08:29:18 EDT 2013
24. sep. 2013 kl. 18:01 skrev Jerry Leichter <leichter at lrw.com>:
> At the time this default was chosen (2005 or thereabouts), it was *not* a "mistake". Dual EC DRBG was in a just-published NIST standard. ECC was "hot" as the best of the new stuff - with endorsements not just from NSA but from academic researchers.
Choosing Dual-EC-DRBG has been a mistake for its entire lifetime, because it is so slow.
While some reasonable people seem to have a preference for cryptography based on number theory, I've never met anyone who would actually use Dual-EC-DRBG. (Blum-Blum-Shub-fanatics show up all the time, but they are all nutcases.)
I claim that RSA was either malicious, easily fooled or incompetent to use the generator. I will not buy anything from RSA in the future. Were I using RSA products or services, I would find replacements.
(For what it's worth, I discounted the press reports about a trapdoor in Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I was wrong.)
More information about the cryptography