Conversation

twitter.com/matthew_d_gree This doesn't sit right with me. I don't find

's gut feeling that this person was part of a government scheme to backdoor cryptography to be a valid reason to send a mob after them 12 years later. They aren't even the main author of this.

Quote Tweet

Matthew Green

@matthew_d_green

Feb 4, 2021

How it started: How it’s going:

Show this thread

12:27 AM · Feb 6, 2021Twitter Web App

Replying to

The information security community gives the benefit of the doubt to a lot of people who in the past compromised organizations and users. In this case, we don't know she did that, and even if we did it's not like she was maliciously hacking people and dumping their mail spools.

Daniel Micay

@DanielMicay

Feb 6, 2021

Assume that there is really an elaborate backdoor. There's enough circumstance evidence to believe it. The Extended Random feature by itself isn't a backdoor: twitter.com/DanielMicay/st I think the fact this person attached their name to it publicly hints they may not have known.

Quote Tweet

Daniel Micay

@DanielMicay

Feb 6, 2021

Replying to @DanielMicay @RichFelker and @matthew_d_green

For simplicity, assume the CSPRNG for it is insecure. It could even be a totally insecure PRNG like XorShift. It could return zeroed values every single time. Does it matter, with how the standard proposes using it? I'll happily call it useless cargo cult nonsense, but backdoor?

Daniel Micay

@DanielMicay

Feb 6, 2021

I don't think there's the evidence to justify publicly accusing this person of knowingly being involved in creating a set of standards usable together as a backdoor. There's a difference between accusing the NSA of doing it and singling out a person they had do standards work.

Replying to

Not so much a gut feeling as the fact that a standard appeared in exactly on library that also contained another backdoor, and the two happen to accelerate each other.

Replying to

and

As far as who to blame. Should we go by first author second author. Or should we go by senior cleared NSA author paying the contractor, or uncleared contractor being paid for work. (People “liked” your tweet and attached their names to this. It’s beautiful.)