[Cryptography] Fwd: OPENSSL FREAK

Ray Dillinger bear at sonic.net
Sat Apr 4 14:53:09 EDT 2015



On 04/04/2015 04:26 AM, Jerry Leichter wrote:

> So in the last 50 years or so, can you give an example in which a Death Note would have actually been published?

Every variety of "export mode" encryption could and
should have received a Death Note long before now.
They had been deprecated but, despite being a clear
and present danger, were still in use. A timely
Death Note could have stopped them.

Some whistleblower like Snowden or Manning inside
the NSA who actually knows the magic numbers behind
the Dual-EC DRBG and feels that it is a crime against
society (and would be right to believe so) ought to
have been able to publish a Death Note against that.
If they could do it without putting their life,
freedom, and families on the line, they probably
would have.

Mobile phone and wi-fi encryption that somebody
can break with a laptop in seconds?  That's not
an implementation flaw, that is a dead cipher.
Send it a Death Note and bury it.

These primitives are completely, unambiguously,
provably, *BROKEN!* Getting them the hell out
of public infrastructure is an obligation.  It's
basic disaster response like clearing away the
wreckage of a collapsed bridge.

			Bear



