<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body><div style="font-family: sans-serif;"><div class="plaintext" style="white-space: normal;"><p dir="auto">I'd include this Usenix Security paper: <a href="https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/checkoway" style="color: #3983C4;">https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/checkoway</a> "On the Practical Exploitability of Dual EC in TLS Implementations" and <a href="https://dl.acm.org/citation.cfm?id=2978395" style="color: #3983C4;">https://dl.acm.org/citation.cfm?id=2978395</a>: A systematic analysis of the Juniper Dual EC incident from ACM SIGSAC.</p>
<p dir="auto">On 30 Jan 2026, at 9:55, Jason Cooper via cryptography wrote:</p>
</div><blockquote class="embedded" style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #777777; color: #777777;"><div id="CBDF0F08-250D-40C8-B461-56B942B94739">
<div style="all: revert; display: block; visibility: visible; opacity: 1;">
<pre style="font-family: sans-serif; font-size: 100%; white-space: pre-wrap; word-wrap: break-word">Hi Tony!

On Wed, Jan 28, 2026 at 04:45:27PM -0500, Tony Patti wrote:
> I have created a "Curated Cryptology Compendium" at
> <a href="https://cryptosystemsjournal.com/curated-cryptology-compendium.html">https://cryptosystemsjournal.com/curated-cryptology-compendium.html</a>

...

> I intend this to be a living project, and I'd appreciate feedback -- if you
> have additions or corrections, let's make this the best resource possible
> for the community!

Just spotted something missing: the Dual-EC DRBG compromise.  I'm not sure what
should be considered a canonical writeup of the incident, but here are a few to
get started:

Harvard Law Journal, "Dueling over Dual-EC DRBG: The Consequences of Corrupting
a Cryptographic Standardization Process"
<a href="https://journals.law.harvard.edu/nsj/wp-content/uploads/sites/82/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf">https://journals.law.harvard.edu/nsj/wp-content/uploads/sites/82/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf</a>

IACR, "Dual EC: A Standardized Backdoor"
<a href="https://eprint.iacr.org/2015/767.pdf">https://eprint.iacr.org/2015/767.pdf</a>

There's a slew of them, and, imo, they would be a great addition to the Compendium.

And more specifically, the Juniper compromise really shined a light on the
Dual-EC DRBG weakness:
<a href="https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html">https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html</a>

In short, Juniper used Dual-EC DRBG in their VPN gateway.  Someone broke in and
changed the Q value so the attackers could leverage the backdoor.

From the article:

> In its 2012 probe, Juniper learned that the hackers had stolen a file
> containing NetScreen’s ScreenOS source code from an engineer’s computer. The
> company didn’t realize that the hackers returned a short time later, accessed
> a server where new versions of ScreenOS were prepared before being made
> available to customers and altered the code, according to the two people
> involved in the 2015 investigation and the document. The hackers' tweak
> involved changing the Q value that the NSA algorithm used — the very same
> vulnerability that Microsoft researchers had identified years earlier. The
> hack allowed them to potentially bypass customers' encryption and eavesdrop
> on their communications.

thx,

Jason.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
<a href="https://www.metzdowd.com/mailman/listinfo/cryptography">https://www.metzdowd.com/mailman/listinfo/cryptography</a>
</pre>
</div></div></blockquote>
<div class="plaintext" style="white-space: normal;">
<br><p dir="auto">        --Steve Bellovin, <a href="https://www.cs.columbia.edu/~smb" style="color: #3983C4;">https://www.cs.columbia.edu/~smb</a></p>
</div>
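<p dir="auto">To make concrete why a swapped Q value is the whole story in the Juniper case Jason describes above, here is an added illustration (not code from this thread, from Juniper, or from NIST): a cut-down Dual EC DRBG in Python in which whoever knows the trapdoor d with P = d*Q recovers the generator's internal state from two outputs and can then predict every later one. It assumes secp256k1 as a stand-in for the NIST curves and drops only 8 output bits per block instead of the standard 16 so the search finishes in seconds; d, the seed and the choice of Q are all constructed values.</p>

```python
# Added illustration, not code from the thread, Juniper or NIST: a cut-down
# Dual EC DRBG showing why the Q constant decides everything. Assumptions:
# secp256k1 stands in for NIST P-256 (its field prime is 3 mod 4, so a square
# root is one pow() call); 8 output bits are dropped instead of 16 for speed.
P = 2**256 - 2**32 - 977          # secp256k1 field prime
B = 7                             # curve: y^2 = x^3 + 7 (mod P)
TRUNC = 8                         # top bits dropped from each output (toy value)
MASK = (1 << (256 - TRUNC)) - 1

def add(p1, p2):                  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):                   # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift_x(x):                    # point with this x, or None if no square root
    rhs = (x**3 + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    return (x, y) if x < P and y * y % P == rhs else None

def dual_ec_outputs(seed, P_pt, Q_pt, count):
    """Dual EC: s_{i+1} = x(s_i*P), r_i = x(s_{i+1}*Q); emit r_i minus top bits."""
    s, outs = seed, []
    for _ in range(count):
        s = mul(s, P_pt)[0]
        outs.append(mul(s, Q_pt)[0] & MASK)
    return outs

def recover_state(out1, out2, d, Q_pt):
    """With d such that P = d*Q, recover the state after out1 from two outputs."""
    for high in range(1 << TRUNC):
        R = lift_x((high << (256 - TRUNC)) | out1)   # candidate for s1*Q
        if R is None:
            continue
        s2 = mul(d, R)[0]                 # x(d*s1*Q) = x(s1*P) = s2
        if mul(s2, Q_pt)[0] & MASK == out2:
            return s2                     # every later output is now predictable
    return None
```

<p dir="auto">The defensive takeaway is that the generator's security rests entirely on nobody knowing d, so the Q constant actually present in shipped firmware has to be checked against the intended value rather than trusted.</p>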

</div>
</body>

</html>