[Cryptography] RSA recommends against use of its own products.

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Sep 25 19:18:08 EDT 2013


Kristian Gjøsteen <kristian.gjosteen at math.ntnu.no> writes:

>(For what it's worth, I discounted the press reports about a trapdoor in
>Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I
>was wrong.)

+1.  It's the Vinny Gambini effect (from the film My Cousin Vinny):

  Judge Haller: Mr. Gambini, didn't I tell you that the next time you appear
	in my court that you dress appropriately?
  Vinny: You were serious about dat? 

And it's not just Dual-EC-DRBG that triggers the "You were serious about dat?" 
response, there are a number of bits of security protocols where I've been... 
distinctly surprised that anyone would actually do what the spec said.

(Having said that, I've also occasionally been pleasantly surprised when, by 
unanimous unspoken consensus among implementers, everyone ignored the spec and 
did the right thing).

Peter.

