@alexstamos I'd argue, and I think NSA would too, that Dual_EC isn't "weaker" in any meaningful sense.
Replying to @thegrugq
@thegrugq @alexstamos pretty sure dual-ec drbg has observable bias. It's a bad prng.
Replying to @marshray
@marshray @alexstamos ok, but it is possible to create a system that only NSA has the key and it is "secure" enough.
Replying to @thegrugq
@thegrugq @marshray @alexstamos this statement can be rephrased as "NSA can securely store and access-control a 4kb string"; can also be HSM
Replying to @veorq
@veorq @marshray @alexstamos yeah, I think it is technically possible to do, so I don't think we should say it isn't.
Replying to @thegrugq
@thegrugq @veorq @alexstamos not without sacrificing the security property of Forward Secrecy.
Replying to @thegrugq
@thegrugq @marshray @alexstamos not necessarily, backdoor may require interaction (active MitM, say)
Replying to @veorq
@veorq @thegrugq @alexstamos But #NSA already has that capability via government root certs (and Superfish, etc.)
@marshray @veorq @thegrugq @alexstamos just have the NSA generate your private keys: http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key …
Replying to @bascule
@bascule @marshray @thegrugq @alexstamos many more tricks in https://math.uwaterloo.ca/combinatorics-and-optimization/sites/ca.combinatorics-and-optimization/files/uploads/files/Jihoon-C.pdf …