On 09/24/2013 07:27 AM, Dr. Stephen Henson wrote:
> ...
>
> Future versions of OpenSSL will fail if an attempt is made to use the Dual EC
> DRBG.

Note we're also looking into removing Dual EC DRBG from the OpenSSL FIPS Object Module, a more difficult proposition as there are strict restrictions on changes to FIPS 140-2 validated modules, even to address security issues.

For the typical user of the FIPS module accessing it via the "FIPS capable" OpenSSL, the presence or absence of Dual EC DRBG in the FIPS module itself will be moot once it disappears from OpenSSL proper. But, in a few cases the FIPS module is used directly.

Incidentally, I was the one who advocated the implementation of that DRBG, along with the other three in SP800-90, on the grounds that a) it was after all an official standard, b) OpenSSL already implements some weak algorithms, and c) the deficiencies were so well known that surely no one would be stupid enough to actually use it for any serious real world applications.

I was profoundly wrong about that.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org