[Cryptography] Boing Boing pushing an RSA Conference boycott

[Jonathan Hunt]

Oh come on. Here is Schneier in 2007 linking to a presentation by 2
very respected cryptographers (Shumow, Ferguson) demonstrating their
ability to backdoor Dual EC by choosing the constants. This was a bad
of a break of an RNG as you could possibly hope to see.
https://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html

You can choose between explaining RSA's actions as (evil) selling out
their customers or genuine incompetence at their stated core business.
But the results above were well-known in the security community since
2007 and demonstrated a practical possibility that Dual EC was
backdoored. From 2008 onwards, leaving Dual EC (with default
constants) as the default choice for a cryptographic library is not a
defensible choice.

Jonny

On Wed, Jan 15, 2014 at 10:29 AM, Salz, Rich <rsalz at akamai.com> wrote:
>> Also, we have the fact that they ignored the warnings that came out about DUAL_EC, from around 2007 - 2013.
>> In short, their highly regarded cryptographic experts were not deployed, not available, not on that job.
>
> Perhaps their experts had different opinions. Or perhaps the marketing literature you quoted was somewhat exaggerated; wow, like that's never happened before.
>
> It's easy to look backwards and say "they must have been evil."  But unless you were there, or can read minds, that's just an opinion.
>
> --
> Principal Security Engineer
> Akamai Technology
> Cambridge, MA
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography