[Cryptography] Boing Boing pushing an RSA Conference boycott

Jonathan Hunt j at me.net.nz
Wed Jan 15 17:04:56 EST 2014


> On Wed, Jan 15, 2014 at 2:24 PM, Jonathan Hunt <j at me.net.nz> wrote:
>> You can choose between explaining RSA's actions as (evil) selling out
>> their customers or genuine incompetence at their stated core business.
>> But the results above were well-known in the security community since
>> 2007 and demonstrated a practical possibility that Dual EC was
>> backdoored. From 2008 onwards, leaving Dual EC (with default
>> constants) as the default choice for a cryptographic library is not a
>> defensible choice.

On Wed, Jan 15, 2014 at 12:48 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> What then should we do about all the folk clinging to 3DES? How about the
> people who stuck with MD5? How about the people who have not junked SHA-1?

I don't think anyone recommends using these broken constructs in new
projects (i.e. sets them as default in a cryptography library). There
are, of course, costs to changing legacy systems and genuine
differences of opinion about the urgency of the change (for example
SHA-1 had known weakness prior to a demonstrated ability to find
collisions).

This would be a reasonable defense for why DUAL_EC might need to be
left as an option in a cryptography library (legacy support, for those
who need to meet government certifications etc.). It's not a reasonable
reason for leaving a demonstrably practical backdoored RNG as the
default for 5 years.

> Rather than compiling lists of people who should be drummed out of the
> industry for bad decisions their companies made in the past, how about
> compiling a list of proposals for things that you think people should get
> drummed out for in the future?

I really don't understand how much worse RSA's situation could get
before you'd agree with "drumming them out." They secretly took money
from the NSA. They, inexplicably, left a known-likely-backdoored RNG
as the default in their cryptography library for 5 years (while
marketing it as being vetted by experts). Their recent response was
laughable (essentially saying they used NIST standards and abdicating
their own judgement). Is there anything a security company can do that
would make you lose your good faith in them?

(It is also important to say that I'm not saying anything about
individual employees/owners etc. of RSA, most of whom were probably
uninvolved.)

