[Cryptography] "NSA could put undetectable “trapdoors” in millions of crypto keys"

Hanno Böck hanno at hboeck.de
Wed Oct 12 05:50:51 EDT 2016


On Wed, 12 Oct 2016 09:19:49 +0200
Sebastian Krahmer <krahmer at suse.com> wrote:

> NUMS and NOBUS isn't really new, that's why standards like for the
> Brainpool parameters exist.

Brainpool is a particularly bad example of a NUMS mechanism.

They claim that this is a problem with the NIST curves, yet their own
mechanism looks almost as suspicious. They have a repeated pattern in
their curve parameters [1] and via brute forcing it's easily possible to
generate a 1 out of 16 million parameter set, as has been shown in the
bada55 research [2].

To clarify: I don't believe there's a backdoor in Brainpool. But in
terms of NUMS mechanisms it's more an example of how not to do things.

[1] https://bada55.cr.yp.to/brainpool.html
[2] https://bada55.cr.yp.to/

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
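The point about the bada55 research, illustrated with an added example that is not part of this post and not the bada55 authors' or Brainpool's code: a toy NUMS derivation in Python. The derivation (seed string hashed, digest read as an integer), the sets of "justifiable" choices (which constant, which offset, how many digits, which hash, which counter) and the 1-in-4096 target property are all constructed for illustration; the seed strings are labels for a choice, not real digits of pi. It shows that recomputing a parameter from its published seed only proves the seed matches, while a designer free to pick among roughly 2^18 plausible seeds can deliberately land on any property that 1 in a few thousand random parameters has.

```python
import hashlib
import itertools
import math

# Constructed toy derivation for illustration; it is NOT Brainpool's actual
# procedure.  A "nothing up my sleeve" (NUMS) scheme turns a public seed into
# a parameter through a hash, so anyone can recompute the parameter and check
# it.  Only the seed-to-number step is kept; modulus, curve equation and
# point counting are left out because the hidden freedom lives in the seed.

def derive_parameter(seed: str, hash_name: str = "sha256") -> int:
    """Hash a seed string and read the digest as a big-endian integer."""
    digest = hashlib.new(hash_name, seed.encode("ascii")).digest()
    return int.from_bytes(digest, "big")

def verify_parameter(seed: str, hash_name: str, claimed: int) -> bool:
    """The verifier's check: does the published parameter really come from
    the published seed and hash?  This catches a wrong or altered seed; it
    says nothing about whether the seed itself was chosen by searching."""
    return derive_parameter(seed, hash_name) == claimed

# Each of these is a choice a designer could plausibly justify after the fact.
# The seed strings built from them are labels for the choice, not real digits.
CONSTANTS = ["pi", "e", "sqrt2", "sqrt3", "ln2", "phi"]      # which constant
DIGIT_OFFSETS = range(0, 64)                                  # where to start
DIGIT_COUNTS = range(32, 96, 8)                               # how many digits
HASHES = ["sha1", "sha256", "sha384", "sha512", "sha3_256"]   # which hash
COUNTERS = range(0, 16)          # "increment the seed until a test passes"

def search_space_size() -> int:
    """Number of distinct (seed, hash) pairs the choices above allow."""
    return (len(CONSTANTS) * len(DIGIT_OFFSETS) * len(DIGIT_COUNTS)
            * len(HASHES) * len(COUNTERS))

def freedom_bits() -> float:
    """The same freedom expressed in bits: log2 of the search space."""
    return math.log2(search_space_size())

def candidate_seeds():
    """Enumerate every justifiable (seed, hash) pair in a fixed order."""
    for const, off, cnt, hname, k in itertools.product(
            CONSTANTS, DIGIT_OFFSETS, DIGIT_COUNTS, HASHES, COUNTERS):
        yield f"{const}[{off}:{off + cnt}]#{k}", hname

def find_with_property(predicate):
    """Walk the seed space and return the first (seed, hash, parameter) whose
    parameter satisfies `predicate`, or None.  This is the generator's side of
    the bada55 argument: a property that holds for 1 in N random parameters
    can be hit on purpose as long as the space of plausible seeds exceeds N."""
    for seed, hname in candidate_seeds():
        p = derive_parameter(seed, hname)
        if predicate(p):
            return seed, hname, p
    return None

def can_be_targeted(one_in: int) -> bool:
    """Can a 1-in-`one_in` property be reached by searching this seed space?
    Expected tries for a property of probability 1/N is about N."""
    return search_space_size() >= one_in

if __name__ == "__main__":
    # A 1-in-4096 property: the low 12 bits of the parameter are zero.
    hit = find_with_property(lambda p: p & 0xFFF == 0)
    print(f"seed space: 2^{freedom_bits():.1f} ({search_space_size()} pairs)")
    print("found:", hit)
    print("16-million-to-1 reachable here?", can_be_targeted(16_000_000))
```

The toy space here is about 2^18 pairs, so a 1-in-16-million property is out of reach; the bada55 observation about Brainpool is that its procedure leaves enough room for that order of magnitude. The practical lesson for anyone auditing a parameter set is that `verify_parameter` is necessary but not sufficient: one also has to count how many equally defensible seeds the procedure would have accepted.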