[Cryptography] RSA recommends against use of its own products.

Kristian Gjøsteen kristian.gjosteen at math.ntnu.no
Wed Sep 25 08:29:18 EDT 2013

On 24 Sep 2013, at 18:01, Jerry Leichter <leichter at lrw.com> wrote:

> At the time this default was chosen (2005 or thereabouts), it was *not* a "mistake".  Dual EC DRBG was in a just-published NIST standard.  ECC was "hot" as the best of the new stuff - with endorsements not just from NSA but from academic researchers.

Choosing Dual-EC-DRBG has been a mistake for its entire lifetime, because it is so slow.

While some reasonable people seem to have a preference for cryptography based on number theory, I've never met anyone who would actually use Dual-EC-DRBG. (Blum-Blum-Shub-fanatics show up all the time, but they are all nutcases.)

I claim that RSA was either malicious, easily fooled or incompetent to use the generator. I will not buy anything from RSA in the future. Were I using RSA products or services, I would find replacements.

(For what it's worth, I discounted the press reports about a trapdoor in Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I was wrong.)

Kristian Gjøsteen
