[Cryptography] Elliptical Curveball

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Dec 8 05:13:54 EST 2015

>From today's Daily WTF:


  Everything in cryptography depends upon “high quality” random numbers, and
  lots of them. People get into semi-informed flamewars about what “entropy”
  means, government agencies sneak backdoors into algorithms, performance
  matters, secrecy matters, and unpredictability matters. The standard which
  defines four randomness generators is NIST Special Publication 800–90. One
  of the four raised suspicions because it (Dual_EC_DRBG) was three times
  slower than any of the others.

  Joe… well, Joe sends us his own code, which “fixed” this. He made one of the
  others slower. Using MySQL stored procedures. Just bear in mind, with the
  below, that it’s still cleaner, more comprehensible, and generally saner
  than OpenSSL.

  -- prng_nistctr_sp
  -- Implements the NIST SP 800-90 CTR_DRBG cryptographic random number generator standard
  -- with MySQL AES_ENCRYPT() as the block cipher (256 bit seed, 128 bit output)


A PRNG implemented as MySQL stored procedures.  Wow.


More information about the cryptography mailing list