[Cryptography] Curated Cryptology Compendium

Jason Cooper cryptography at lakedaemon.net
Sat Jan 31 14:52:05 EST 2026


Hi Tony,

On Fri, Jan 30, 2026 at 09:55:33AM -0500, Jason Cooper via cryptography wrote:
> On Wed, Jan 28, 2026 at 04:45:27PM -0500, Tony Patti wrote:
> > I have created a "Curated Cryptology Compendium" at
> > https://cryptosystemsjournal.com/curated-cryptology-compendium.html 
> 
> ...
> 
> > I intend this to be a living project, and I'd appreciate feedback -- if you
> > have additions or corrections, let's make this the best resource possible
> > for the community!
> 
> Just spotted something missing, Dual-EC DRBG compromise.  I'm not sure what
> should be considered a canonical writeup of the incident, but here's a few to
> get started:

I've somehow managed to inadvertently delete a couple of responses to this
thread from my local archive.  sigh.

By far, "A Systematic Analysis of the Juniper Dual EC Incident" by Checkoway et
al. should be considered the canonical writeup of the incident.  Feel free to
remove some of my other suggestions as they were just the first couple of hits
from $search_engine to bring others up to speed.  No need to pollute the list.

The Checkoway analysis does an outstanding job of firmware reverse engineering,
cryptographic analysis, and practical demonstration of the resulting passive
decryption capability.  I'd forgotten about the reused global variable for the
loop counter which led to revealing critical Dual EC DRBG state despite the
chained ANSI X9.31 PRNG.


thx,


Jason.
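
Added example, not part of the original message and not Juniper's or the paper's code: a simplified C model of the defect class mentioned above, where a loop counter kept in a global is advanced by a callee so the second-stage loop never executes. All names (`g_idx`, `stage1`, `stage2`, `output_is_raw`) and the toy byte-mixing functions are constructed stand-ins, not real Dual EC or X9.31.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUT_LEN 32
#define BLOCK   8
static uint8_t out_buf[OUT_LEN]; /* buffer handed to callers */
static unsigned g_idx;           /* global index shared by both routines */

/* Toy stand-in for the first-stage generator (not Dual EC, not crypto). */
static void stage1(uint8_t *dst, uint8_t seed) {
    for (unsigned i = 0; i < OUT_LEN; i++)
        dst[i] = (uint8_t)(seed * 13u + i * 7u + 1u);
}
/* Toy stand-in for second-stage whitening (not X9.31, not crypto). */
static void stage2(uint8_t *blk) {
    for (unsigned i = 0; i < BLOCK; i++)
        blk[i] ^= 0xA5u;
}
/* Reseed parks raw stage-1 bytes in out_buf and moves the global index. */
static void reseed(uint8_t seed) {
    stage1(out_buf, seed);
    g_idx = OUT_LEN;
}
/* Defective: the loop reuses g_idx, which reseed() left at OUT_LEN, so
   stage2 never runs and out_buf still holds raw stage-1 output. */
static void generate_buggy(uint8_t seed) {
    g_idx = 0;
    reseed(seed);
    for (; g_idx < OUT_LEN; g_idx += BLOCK)
        stage2(&out_buf[g_idx]);
}
/* Corrected: a local counter cannot be clobbered by the callee. */
static void generate_fixed(uint8_t seed) {
    reseed(seed);
    for (unsigned i = 0; i < OUT_LEN; i += BLOCK)
        stage2(&out_buf[i]);
}
/* Returns 1 when caller-visible output equals raw stage-1 output. */
int output_is_raw(int use_fixed, uint8_t seed) {
    uint8_t raw[OUT_LEN];
    stage1(raw, seed);
    if (use_fixed) generate_fixed(seed); else generate_buggy(seed);
    return memcmp(out_buf, raw, OUT_LEN) == 0;
}
int main(void) {
    printf("buggy leaks raw: %d\n", output_is_raw(0, 42));
    printf("fixed leaks raw: %d\n", output_is_raw(1, 42));
    return 0;
}
```

A regression test that compares caller-visible output against the first-stage bytes, as `output_is_raw` does, catches this class of bug.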

