Boston Linux & Unix (BLU)

BLU Discuss list archive



[Discuss] Encrypt Everything?



Edward Ned Harvey (blu) wrote:
> True, the NSA sabotaged some RNG algorithms in NIST, but those were
> discovered and exposed by peer community review before any widespread
> adoption.  That's the point of a public open competition.

NIST Special Publication 800-90 from March 2007. That's where 
Dual_EC_DRBG is presented as a federal standard.

Now go peruse this:
http://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf
which describes the Dual_EC_DRBG implementation in OpenSSL as part of 
the FIPS 140-2 certification.

And this:
http://rump2007.cr.yp.to/15-shumow.pdf
which describes the weakness in the algorithm as, paraphrased, "we're 
not saying that it is a backdoor but we do wonder".

Despite the security community being suspicious of it for nearly EIGHT 
YEARS, the algorithm is in everything that complies with FIPS 140-2. 
Including OpenSSL and Mozilla's NSS. That's every major web browser 
other than Internet Explorer. Oh, and Microsoft's cryptographic module 
also has FIPS 140-2 certification, so IE has it, too.

Every major desktop and server OS in operation today has it. Every 
smartphone and tablet other than maybe really old PalmOS stuff has it. 
Sony and Microsoft use FIPS 140-2 certified libraries on their consoles; 
Nintendo uses CyaSSL, which is in the process of obtaining that 
certification. I can't think of any widely-used, networked consumer 
devices that aren't "contaminated" with this algorithm and probably 
others that have been surreptitiously weakened by the NSA.

-- 
Rich P.
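The weakness in the Shumow/Ferguson slides Rich links to is easier to see when worked through, so here is an added example (not code from Rich's post, from NIST, or from any of the libraries he names). It is the Dual_EC_DRBG construction on a toy curve over GF(1019) with illustrative constants of my own choosing: the "NIST" point P is built as P = e*Q for a secret e that plays the role of the suspected trapdoor, and the generator drops only the top 2 bits of each x-coordinate instead of the real 16, so the attacker's brute force is 4 candidates rather than 65536. With e in hand, a single truncated output is enough to recover the internal state and predict every later output, because the output R = s*Q leaks the point and e*R = s*P is exactly the next state; the sign of R's y-coordinate does not matter since only x is ever used.

```python
# Added toy demonstration of the Dual_EC_DRBG trapdoor (Shumow & Ferguson, CRYPTO 2007 rump session).
# All parameters below are constructed for illustration and are NOT the NIST P-256 constants.
import math

P_MOD = 1019                      # prime field; 1019 = 3 (mod 4), so modsqrt is one exponentiation
A, B = 2, 3                       # curve y^2 = x^3 + A*x + B over GF(P_MOD); discriminant is nonzero
DROP_BITS = 2                     # real Dual_EC drops the top 16 of 256 bits; the toy drops 2
OUT_BITS = P_MOD.bit_length() - DROP_BITS
OUT_MASK = (1 << OUT_BITS) - 1

def modsqrt(v):
    """Square root of v mod P_MOD (valid because P_MOD = 3 mod 4), or None if v is a non-residue."""
    y = pow(v % P_MOD, (P_MOD + 1) // 4, P_MOD)
    return y if (y * y - v) % P_MOD == 0 else None

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k > 0:
        if k & 1: acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def point_order(pt):
    n, cur = 1, pt
    while cur is not None:
        cur = ec_add(cur, pt); n += 1
    return n

def find_generator():
    """First curve point of order > 100 (toy stand-in for the standard's Q)."""
    for x in range(1, P_MOD):
        y = modsqrt(x ** 3 + A * x + B)
        if y and point_order((x, y)) > 100:
            return (x, y)

Q = find_generator()
N = point_order(Q)
# The "trapdoor": whoever chose P knows e with P = e*Q. Picked coprime to N so P also has order N.
E = next(e for e in range(97, N) if math.gcd(e, N) == 1)
P = ec_mul(E, Q)

def next_state(x):
    s = x % N
    return s or 1                 # keep the toy state off the point at infinity

def dual_ec_step(s):
    """One Dual_EC_DRBG iteration: s' = x(s*P); output r = x(s'*Q) with the top bits dropped."""
    s_new = next_state(ec_mul(s, P)[0])
    return s_new, ec_mul(s_new, Q)[0] & OUT_MASK

def predict(s, count):
    out = []
    for _ in range(count):
        s, r = dual_ec_step(s); out.append(r)
    return out

def recover_state(r_i, later, e):
    """Attacker holding e = log_Q(P): from one truncated output r_i, recover the next state.
    Enumerates the dropped bits, lifts each on-curve x to a point R, and uses x(e*R) = x(s*P),
    which is the next state; candidates are confirmed against the outputs in `later`."""
    cands = []
    for hi in range(1 << DROP_BITS):
        x = r_i | (hi << OUT_BITS)
        if x >= P_MOD: continue
        y = modsqrt(x ** 3 + A * x + B)
        if y is None: continue     # not a curve point, so not a real output
        lifted = ec_mul(e, (x, y)) # same x for (x, y) and (x, -y), so the sign is irrelevant
        if lifted is None: continue
        s_cand = next_state(lifted[0])
        if (ec_mul(s_cand, Q)[0] & OUT_MASK) == later[0] and predict(s_cand, len(later) - 1) == later[1:]:
            cands.append(s_cand)
    return cands

def demo(seed=12345, n_outputs=8):
    """Run the toy DRBG, then let the trapdoor holder recover state from output 0 and predict the rest."""
    s, states, outputs = next_state(seed), [], []
    for _ in range(n_outputs):
        s, r = dual_ec_step(s)
        states.append(s); outputs.append(r)
    cands = recover_state(outputs[0], outputs[1:5], E)
    predicted = predict(cands[0], n_outputs - 2) if cands else []
    return {"outputs": outputs, "true_state": states[1], "candidates": cands, "predicted": predicted}

if __name__ == "__main__":
    res = demo()
    print("outputs  :", res["outputs"])
    print("recovered:", res["candidates"], "(true state", res["true_state"] + ")" if False else res["true_state"])
    print("predicted:", res["predicted"], "matches" if res["predicted"] == res["outputs"][2:] else "MISMATCH")
```

Without e, an attacker facing the same outputs would have to solve the discrete log of P base Q; with it, the work is a handful of modular square roots per output, which is what makes a known-dlog P a backdoor rather than a mere design quirk.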



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org