D. J. Bernstein wrote:
> More recently, NSA's Dickie George is on video claiming that NSA generated
> the Dual EC points randomly and that Dual EC is secure.

Do you have a link to the video? Such a comment is surprising as it is a very bad PR strategy. “No comment” is a far better strategy. The last comment I saw was:

"With hindsight, NSA should have ceased supporting the Dual EC DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable."

https://www.ams.org/journals/notices/201502/rnoti-p165.pdf

Analysing Dual_EC_DRBG objectively, a backdoor is the only rational requirement that could have led to its design. In addition to having a backdoor, it is a really bad DRBG, being both slow and non-uniform. It is also a fact that Dual_EC_DRBG is not secure as the backdoor was backdoored, enabling serious attacks by a hostile nation state on US critical infrastructure.

https://web.archive.org/web/20151222092252/https://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/

D. J. Bernstein wrote:
> Yes, NSA has deep cryptographic expertise. This does _not_ mean that we
> should be trusting NSA's recommendations. An internal NSA history book (which
> NSA successfully kept secret for many years) shows NSA deciding to manipulate
> public standards to make sure they were "weak enough" for NSA to break. See
> https://blog.cr.yp.to/20220805-nsa.html for quotes and further examples.

I don’t know why you (and the IETF) are so obsessed with NSA. There are very good reasons to take recommendations from SIGINT with a grain of salt and force them to provide thorough motivation, but there are _many_ SIGINT agencies globally. Snowden publicly said that GCHQ is “worse” than NSA, and I have heard a person with a background in SIGINT stating that French SIGINT is the “worst”. Then we have very active SIGINT from a lot of other countries such as China, Russia, Iran, and North Korea, etc. According to Research Nester and Mordor Intelligence, North America only has 32% of the global SIGINT market share and Asia Pacific is the fastest growing market.

https://www.researchnester.com/reports/signals-intelligence-market/5134/market-share
https://www.mordorintelligence.com/industry-reports/signals-intelligence-sigint-market

I think increased participation from government agencies in the IETF is good. Suite B, CNSA 1.0, and ZTA are all very good recommendations from NSA, significantly surpassing what was typical in deployments at the time they were introduced. We would not be prepared for PQC if it was not for the NSA.

https://web.archive.org/web/20150831131731/https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org