Did NSA Put a Secret Backdoor in New Encryption Standard?

AndyRossy

sr. member

Activity: 448

Merit: 250

Quote from: Foxpup on October 03, 2012, 04:38:07 AM

Quote from: picobit on October 03, 2012, 04:02:02 AM

So there is a backdoor, and you know what it is? Grin

There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there?

Sounds like a trap.

Foxpup

legendary

Activity: 4494

Merit: 3178

Vile Vixen and Miss Bitcointalk 2021-2023

Quote from: picobit on October 03, 2012, 04:02:02 AM

So there is a backdoor, and you know what it is? Grin

There definitely exists a "magic number" which allows whoever knows the magic number along with 32 bytes of the PRNG output to completely predict the rest of the output. The algorithm designer may (or may not) have had a specific magic number in mind when designing this algorithm. If so, it's a backdoor. If not, it's not (but there's no way to know for sure). Consider also that this algorithm is about a thousand times slower than other PRNGs and produces random numbers with a slight bias, making it an extremely poor choice even if it doesn't have a backdoor. The only reason I can think of for the NSA to endorse such an obviously flawed algorithm is that it's the only one they were able to get a backdoor into. What other explanation is there?

picobit

hero member

Activity: 547

Merit: 500

Decor in numeris

Quote from: Foxpup on October 02, 2012, 04:03:09 PM

Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.

So there is a backdoor, and you know what it is? Grin

scomil

newbie

Activity: 15

Merit: 0

Quote from: Foxpup on October 02, 2012, 04:03:09 PM

The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard.

Quote from: scomil on October 02, 2012, 01:02:45 PM

Anything to worry about?

Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.

Thank you. Answer I was looking for. Satoshi sure knew his stuff.

Foxpup

legendary

Activity: 4494

Merit: 3178

Vile Vixen and Miss Bitcointalk 2021-2023

The headline is misleading, as Dual_EC_DRBG is a pseudo-random number generator, not an encryption standard.

Quote from: scomil on October 02, 2012, 01:02:45 PM

Anything to worry about?

Only if you use Dual_EC_DRBG. Bitcoin doesn't use it, or any other PRNG for that matter, instead relying on the OS's entropy source, which (normally) produces random numbers from hardware sources. Note that ECDSA (which Bitcoin does use) is not related to Dual_EC_DRBG in any way other than being based on the elliptic curve discrete logarithm problem, and does not have this backdoor.

foggyb

legendary

Activity: 1708

Merit: 1006

Quote from: kiba on October 02, 2012, 01:14:13 PM

NSA is not always an evil organization.....

Well that's comforting.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: kiba on October 02, 2012, 01:14:13 PM

NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid.

Human history is full of stupid, you know?

kiba

legendary

Activity: 980

Merit: 1014

NSA is not always an evil organization that seeks to add a backdoor to everything, ya know? How would NSA like it if they propose a backdoor to their own government, and enemies use said backdoor to break into it? It would be beyond stupid.

notme

legendary

Activity: 1904

Merit: 1002

Quote from: scomil on October 02, 2012, 01:02:45 PM

Anything to worry about?

No.

scomil

newbie

Activity: 15

Merit: 0

http://www.cyberwarzone.com/did-nsa-put-secret-backdoor-new-encryption-standard

"But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute."

Anything to worry about?

Topic: Did NSA Put a Secret Backdoor in New Encryption Standard? (Read 1994 times)