Thanks :) Sent from my iPhone
> On Sep 24, 2013, at 4:28 PM, "Steve Marquess-3 [via OpenSSL]" > <ml-node+s6102n4664...@n7.nabble.com> wrote: > > On 09/24/2013 07:27 AM, Dr. Stephen Henson wrote: > > ... > > > > Future versions of OpenSSL will fail if an attempt is made to use the Dual > > EC > > DRBG. > > Note we're also looking into removing Dual EC DRBG from the OpenSSL FIPS > Object Module, a more difficult proposition as there are strict > restrictions on changes to FIPS 140-2 validated modules even to address > security issues. > > For the typical user of the FIPS module accessing it via the "FIPS > capable" OpenSSL the presence or absence of Dual EC DRBG in the FIPS > module itself will be moot once it disappears from OpenSSL proper. But, > in a few cases the FIPS module is used directly. > > Incidentally, I was the one who advocated the implementation of that > DRBG, along with the other three in SP800-90, on the grounds that a) it > was after all an official standard, b) OpenSSL already implements some > weak algorithms, and c) the deficiencies were so well known that surely > no one would be stupid enough to actually use it for any serious real > world applications. I was profoundly wrong about that. > > -Steve M. > > -- > Steve Marquess > OpenSSL Software Foundation, Inc. > 1829 Mount Ephraim Road > Adamstown, MD 21710 > USA > +1 877 673 6775 s/b > +1 301 874 2571 direct > [hidden email] > [hidden email] > gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [hidden email] > Automated List Manager [hidden email] > > > If you reply to this email, your message will be added to the discussion > below: > http://openssl.6102.n7.nabble.com/Dual-EC-DRBG-tp46628p46642.html > To unsubscribe from Dual_EC_DRBG, click here. > NAML smime.p7s (3K) <http://openssl.6102.n7.nabble.com/attachment/46643/0/smime.p7s> -- View this message in context: http://openssl.6102.n7.nabble.com/Dual-EC-DRBG-tp46628p46643.html Sent from the OpenSSL - User mailing list archive at Nabble.com.
