Talk:Dual EC DRBG: Difference between revisions

Content deleted Content added

Inline

Revision as of 22:45, 5 September 2013

This is the talk page for discussing improvements to the Dual EC DRBG article.
This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic.
New to Wikipedia? Welcome! Learn to edit; get help.

Article policies

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

United States: Government Stub‑class Low‑importance

	United States portal This article is within the scope of WikiProject United States, a collaborative effort to improve the coverage of topics relating to the United States of America on Wikipedia. If you would like to participate, please visit the project page, where you can join the ongoing discussions. Template Usage Articles Requested! Become a Member Project Talk Alerts United StatesWikipedia:WikiProject United StatesTemplate:WikiProject United StatesUnited States articles
Stub	This article has been rated as Stub-class on Wikipedia's content assessment scale.
Low	This article has been rated as Low-importance on the project's importance scale.
	This article is supported by WikiProject U.S. Government (assessed as Low-importance).

Slowness

Bruce Schneier says (http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html) that Dual EC DRBG is three orders of magnitude, not three times, slower than its peers. Peter 16:14, 15 November 2007 (UTC)[reply]

Fixed. -- intgr [talk] 17:12, 15 November 2007 (UTC)[reply]

Missing information

The following information is missing from the article:

When was this PRNG standardized? (The document in reference 1 is from march 2007, but it is titled "(revised)".
How does it actually work?

-- Paul Ebermann (talk) 15:21, 12 September 2011 (UTC)[reply]

"Fatal weakness" engineered by NSA?

The article currently says that DUAL_EC_DRBG has a fatal weakness which was engineered by the NSA, but that seems to be speculation. The NYT article provided as a citation does not identify the algorithm. Here is the full quote:

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Bruce Schneier has speculated that DUAL_EC_DRBG is the algorithm in question, but if that's the best we have we should a) cite it and b) state that it is speculation.

– mike@enwiki:~$ 22:45, 5 September 2013 (UTC)[reply]

@@ Line 12: / Line 12: @@
 -- [[User:Paul Ebermann|Paul Ebermann]] ([[User talk:Paul Ebermann|talk]]) 15:21, 12 September 2011 (UTC)
+== "Fatal weakness" engineered by NSA? ==
+The article [https://en.wikipedia.org/enwiki/w/index.php?title=Dual_EC_DRBG&diff=571688976&oldid=545030957 currently] says that DUAL_EC_DRBG has a fatal weakness which was engineered by the NSA, but that seems to be speculation. The NYT article provided as a citation does not identify the algorithm. Here is the full quote:
+<blockquote>
+Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.<br/>
+Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.<br/>
+Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”<br/>
+“Eventually, N.S.A. became the sole editor,” the memo says.
+</blockquote>
+Bruce Schneier has [http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675954 speculated] that DUAL_EC_DRBG is the algorithm in question, but if that's the best we have we should a) cite it and b) state that it is speculation.
+&nbsp;&ndash;&nbsp;<code style="color:#4B0082; font-weight:bold;">[[User:Mike.lifeguard|mike]]@[[User talk:Mike.lifeguard|enwiki]]:&#126;$&nbsp;</code> 22:45, 5 September 2013 (UTC)