Conversation

I don't think we should be going after either of these people or blaming them for anything. It's a very clear misrepresentation of what I said. Please don't accuse me of something that I clearly didn't do. Thanks.
I'm open to the concept that the NSA was trying to sabotage standards by proposing useless extensions to them but I doubt that many people would have ever used something like this aside from them. I don't really see how adding extra random values that are hashed can cause harm.
This is the same way the Linux kernel adds entropy from untrusted sources. An attacker can overwrite this data so the standard might as well be calling these fields attacker_input and extended_attacker_input. I don't understand why they even have the original non-extended one.
It only matters (negatively) for security if you happen to have a PRNG where a certain number of consecutive PRNG bytes *must* be placed on the wire for the backdoor to be effective. The only such PRNG is Dual EC. The only crypto library that used Dual EC by default is RSA BSAFE.
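To make the last reply's point concrete, here is an added worked example; it is my code, not anything posted in the thread and not taken from RSA BSAFE or any other library. It implements the Dual EC DRBG block function from SP 800-90A on NIST P-256 with a planted Q, then plays the attacker: brute-force the truncated bits of one full output block, map each on-curve candidate through the trapdoor to a candidate internal state, and use the bytes that follow the block on the wire to pick the right one. The seed and the trapdoor scalar E are constructed demo values, and the one deliberate deviation from the standard is truncating 8 bits per block instead of 16, so the search is 256 guesses and pure-Python curve arithmetic finishes in seconds.

```python
# Dual EC DRBG with a planted Q, and recovery of the generator state from
# its output.  Added example for this thread, not code from any participant
# or library.  Standard: 16 truncated bits, 30-byte blocks; here 8 bits and
# 31-byte blocks (demo simplification, see TRUNC_BITS).

# NIST P-256 domain parameters (public constants).
P_MOD = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P_MOD - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

TRUNC_BITS = 8                        # standard drops 16 bits; 8 keeps the demo fast
BLOCK_LEN = (256 - TRUNC_BITS) // 8   # 31 bytes here, 30 in the standard
OUT_MASK = (1 << (256 - TRUNC_BITS)) - 1


def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def block_from_state(s, Q):
    """One output block: r_i = x(s_i * Q) with the top TRUNC_BITS bits dropped."""
    return (ec_mul(s, Q)[0] & OUT_MASK).to_bytes(BLOCK_LEN, "big")


class DualEC:
    """Dual EC DRBG: s_i = x(s_{i-1} * P), output block = trunc(x(s_i * Q))."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def generate(self, nbytes):
        out = b""
        while len(out) < nbytes:
            self.s = ec_mul(self.s, self.P)[0]
            out += block_from_state(self.s, self.Q)
        return out[:nbytes]


def predict(s, nbytes, P, Q):
    """Output stream from a state s that is already updated for its block."""
    out = b""
    while len(out) < nbytes:
        out += block_from_state(s, Q)
        s = ec_mul(s, P)[0]
    return out[:nbytes]


def candidate_states(block, e):
    """Every internal state consistent with one full output block.

    Each guess of the truncated bits gives an x-coordinate rx.  If rx is on
    the curve, the point R = (rx, ry) is +-s_i*Q for some s_i, and because
    P = e*Q we get x(e*R) = x(s_i*P) = s_{i+1}: the state for the next block.
    """
    low = int.from_bytes(block, "big")
    states = []
    for hi in range(1 << TRUNC_BITS):
        rx = (hi << (256 - TRUNC_BITS)) | low
        rhs = (pow(rx, 3, P_MOD) + A * rx + B) % P_MOD
        ry = pow(rhs, (P_MOD + 1) // 4, P_MOD)   # square root: p = 3 mod 4
        if ry * ry % P_MOD != rhs:
            continue                              # no point with this x: impossible r_i
        states.append(ec_mul(e, (rx, ry))[0])
    return states


def confirm(states, following, P, Q):
    """Keep the states whose predicted next output matches the bytes after the block."""
    return [s for s in states if predict(s, len(following), P, Q) == following]


def run_demo(confirm_len=4):
    E = 0x1E3A7BADC0DEB00C5EEDFACE0F0FF1CE            # constructed trapdoor, any value in [1, N)
    Q = ec_mul(pow(E, -1, N), G)                      # planted so that E*Q = G = P
    seed = int.from_bytes(b"constructed demo seed, not random", "big")
    victim = DualEC(seed, G, Q)
    on_wire = victim.generate(BLOCK_LEN + confirm_len)   # one block plus a few following bytes
    cands = candidate_states(on_wire[:BLOCK_LEN], E)
    good = confirm(cands, on_wire[BLOCK_LEN:], G, Q)
    future = victim.generate(64)                      # what the victim emits next
    predicted = predict(good[0], BLOCK_LEN + 64, G, Q)[BLOCK_LEN:] if len(good) == 1 else b""
    return {"without_confirmation": len(cands), "with_confirmation": len(good),
            "predicts_future": predicted == future}


if __name__ == "__main__":
    print(run_demo())
```

The two candidate counts are the point: from one block alone the attacker is left with roughly half of the 256 guesses, since every x that happens to lie on the curve is a possible state, and it is the few bytes that follow the block on the wire that collapse that set to one and let the attacker predict everything the generator emits afterwards. With the standard's 16 truncated bits the search is 65536 guesses instead of 256 and a full block is 30 bytes, so whether a handshake exposes a full block plus some confirmation bytes of consecutive output is exactly what decides whether the planted Q is usable; for a generator whose output does not leak its state, extra random bytes on the wire give an attacker nothing.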