
Talk:Dual EC DRBG: Difference between revisions

From Wikipedia, the free encyclopedia
Revert article rename?: reply - new title is clearer
The expansion is way too long and I'd argue it violates [[WP:COMMONNAME]]. The subject is most well known due to having a backdoor, it doesn't really matter what technology it's based on. Even the original standard almost exclusively refers to it as "Dual_EC_DRBG", only once does it say "Dual Elliptic Curve Deterministic RBG" -- in the section title. [http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf] -- [[user:intgr|intgr]]&nbsp;<small>[[user talk:intgr|[talk]]]</small> 22:16, 23 December 2013 (UTC)

:I renamed the article because the previous title was an uninformative initialism - the general reader cannot work out what the article is about from the title. Google hits are not a good way to assess proper article names. [[WP:COMMONNAME]] calls for article titles to be ''recognisable'' and states 'Ambiguous [...] names for the article subject [...] are often avoided even though they may be more frequently used by reliable sources'. Whilst not strictly speaking ambiguous, 'Duel EC DRBG' gives very little information on what the article is about, whilst 'Dual elliptic curve deterministic random bit generator' at least gives the reader the information that this is a [[random number generator]] that uses [[elliptic curves]]. I think the new name is clearer, more informative, and not overly verbose. Having said that, I moved the page [[WP:BOLD|boldy]] and would no objection to moving back if consensus on this talk page is against me. [[User:Modest Genius|<font face="Times New Roman" color="maroon"><b>Modest Genius</b></font>]] [[User_talk:Modest Genius|<sup>talk</sup>]] 14:48, 24 December 2013 (UTC)

Revision as of 14:48, 24 December 2013

Slowness

Bruce Schneier says (http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html) that Dual EC DRBG is three orders of magnitude, not three times, slower than its peers. Peter 16:14, 15 November 2007 (UTC)

Fixed. -- intgr [talk] 17:12, 15 November 2007 (UTC)

Missing information

The following information is missing from the article:

  • When was this PRNG standardized? (The document in reference 1 is from March 2007, but it is titled "(revised)".)
  • How does it actually work?

-- Paul Ebermann (talk) 15:21, 12 September 2011 (UTC)

"Fatal weakness" engineered by NSA?

The article currently says that DUAL_EC_DRBG has a fatal weakness which was engineered by the NSA, but that seems to be speculation. The NYT article provided as a citation does not identify the algorithm. Here is the full quote:

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Bruce Schneier has speculated (see here also) that DUAL_EC_DRBG is the algorithm in question, but if that's the best we have we should a) cite it and b) state that it is speculation.

 – mike@enwiki:~$  22:45, 5 September 2013 (UTC)

Looks like we have actual confirmation.  – mike@enwiki:~$  17:06, 11 September 2013 (UTC)

Further resources about Dual EC DRBG

http://www.mail-archive.com/cryptography@metzdowd.com/msg12262.html

A message from John Kelsey about the Development of Dual EC DRBG.

http://www.google.com/patents/US20070189527

US Patent US20070189527, "Elliptic curve random number generation" to Daniel Brown, Scott Vanstone, which describes the "backdoor" in Dual EC DRBG, teaches how the backdoor can be removed by generating Q (the second base point) randomly after P (the base point) is known, by a mechanism not involving point multiplication, thereby ensuring that P is not a known multiple of Q (which is the "backdoor"), nor that Q is a known multiple of P. It further teaches how known secret relations between P and Q may be used as part of a key escrow system.
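The relation the patent calls out, P being a known multiple of Q, is easiest to see on a toy curve. The Python below is an added example and is not code from the patent, from SP 800-90A or from anyone in this discussion. It assumes a constructed 108-point curve y² = x³ + 5 over F_107, a simplified generator that skips the standard's output truncation, and hypothetical helper names (`backdoored_params`, `honest_params`, `recover_state`). With a d such that P = d·Q, one observed output gives the next internal state and hence every later output; deriving Q from a public label independently of P, as the patent suggests, leaves nobody holding such a d (on a 108-point curve d could be brute-forced, which is why real parameters use curves of roughly 2^256 points).

```python
import hashlib

# Constructed toy curve, for illustration only: y^2 = x^3 + 5 over F_107.
# 107 % 3 == 2 makes the curve supersingular with exactly 108 points, forming a
# cyclic group; 5 is a non-residue mod 107, so no point has x == 0, which keeps
# the toy generator out of degenerate states. 107 % 4 == 3 gives a one-line sqrt.
P_MOD = 107
A, B = 0, 5
GROUP_ORDER = P_MOD + 1
INF = None  # point at infinity


def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def order(pt):
    """Order of a point by brute force (fine for 108 points)."""
    n, cur = 1, pt
    while cur is not INF:
        cur = add(cur, pt)
        n += 1
    return n


def lift_x(x):
    """A point with the given x, or None. Either sign of y works for recovery."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if (y * y) % P_MOD == rhs else None


def find_generator(label):
    """Verifiably random base point: hash a public label to x and increment a
    counter until the point is on the curve and generates the whole group."""
    ctr = 0
    while True:
        digest = hashlib.sha256(f"{label}:{ctr}".encode()).digest()
        pt = lift_x(int.from_bytes(digest, "big") % P_MOD)
        if pt is not None and order(pt) == GROUP_ORDER:
            return pt
        ctr += 1


class DualEC:
    """Simplified Dual EC DRBG: r = x(s*P); output x(r*Q); next state x(r*P).
    The real standard drops the top 16 bits of each output, which only costs an
    attacker about 2^16 extra guesses in the lift_x step of recover_state."""
    def __init__(self, P, Q, seed):
        self.P, self.Q, self.s = P, Q, seed

    def next(self):
        r = mul(self.s, self.P)[0]
        out = mul(r, self.Q)[0]
        self.s = mul(r, self.P)[0]
        return out


def backdoored_params(d):
    """P = d*Q for a d (coprime to 108) known to whoever chose the parameters."""
    Q = find_generator("toy-Q")
    return mul(d, Q), Q


def honest_params():
    """Patent-style mitigation: Q derived from a public label, independent of P,
    so nobody holds a d relating the two points."""
    return find_generator("toy-P"), find_generator("toy-Q")


def recover_state(output, d):
    """With P = d*Q: d*(±r*Q) = ±r*P, whose x-coordinate is the next state."""
    return mul(d, lift_x(output))[0]


def predict_next_output(output, d, P, Q):
    """Observe one output, recover the state, run the generator forward."""
    return DualEC(P, Q, recover_state(output, d)).next()


if __name__ == "__main__":
    P, Q = backdoored_params(29)
    gen = DualEC(P, Q, seed=17)
    first = gen.next()
    print("predicted:", predict_next_output(first, 29, P, Q), "actual:", gen.next())
```

The attack works on the x-coordinate alone because the two lifts of an output differ only in the sign of y, and the sign does not change the x-coordinate of d·R. The mitigation is not a different generator but a different parameter derivation: `honest_params` fixes both points from public strings with no scalar multiplication between them, exactly the construction the patent text above describes.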

Published by the NSA?

The statement in the lede is misleading: I can find no publication of the algorithm by the NSA in advance of the NIST SP800 publication. Can anyone cite such a reference? Ross Fraser (talk) 13:34, 23 September 2013 (UTC)

The current lede does not say that NSA published the standard? Thue (talk) 13:40, 23 September 2013 (UTC)

Don't be a mouthpiece for RSA

Their statement to Ars is so clearly misleading that anyone who knows anything about the subject can easily see it. Slow random number generator to thwart attacks? Gimme a break, this is not how things are done. Wikipedia shouldn't reproduce it without clearly explaining its nature, as people who do not understand the issues involved might be easily misled by this PR/damage control statement from RSA. jk 22:14, 26 September 2013 (GMT+1)

Agreed 100%. "Dual_EC_DRBG was an accepted and publicly scrutinized standard" - yeah, and the scrutiny had clearly concluded it was inferior and possibly had a backdoor. I am surprised RSA can't find anybody to spin less obvious bullshit. I will change it if nobody else will, using the section I wrote at Rsa_security#NSA_backdoor as a template. Thue (talk) 22:03, 26 September 2013 (UTC)
The wording is too argumentative. We can only include what reliable sources say, not our own opinions. I've trimmed out unsourced opinion.--agr (talk) 23:04, 15 October 2013 (UTC)

Wording problem

The text "one of the recommended configurations of the Dual_EC_DRBG permits the possibility of the existence of a known secret key, which facilitates solution of the problem, has been retained" doesn't parse. Was it supposed to be something like "... permits the possibility that a known secret key ... has been retained"? 2620:0:1000:1501:1260:4BFF:FE68:1974 (talk) 16:48, 3 October 2013 (UTC)

Revert article rename?

I disagree with the recent article rename, from Dual EC DRBG (Google: 151,000 results) to Dual elliptic curve deterministic random bit generator (Google: 14,500). Note that even Dual_EC_DRBG gets 73,000 Google hits. (All searches with quote marks)

The expansion is way too long and I'd argue it violates WP:COMMONNAME. The subject is most well known due to having a backdoor, it doesn't really matter what technology it's based on. Even the original standard almost exclusively refers to it as "Dual_EC_DRBG", only once does it say "Dual Elliptic Curve Deterministic RBG" -- in the section title. [1] -- intgr [talk] 22:16, 23 December 2013 (UTC)

I renamed the article because the previous title was an uninformative initialism - the general reader cannot work out what the article is about from the title. Google hits are not a good way to assess proper article names. WP:COMMONNAME calls for article titles to be recognisable and states 'Ambiguous [...] names for the article subject [...] are often avoided even though they may be more frequently used by reliable sources'. Whilst not strictly speaking ambiguous, 'Dual EC DRBG' gives very little information on what the article is about, whilst 'Dual elliptic curve deterministic random bit generator' at least gives the reader the information that this is a random number generator that uses elliptic curves. I think the new name is clearer, more informative, and not overly verbose. Having said that, I moved the page boldly and would have no objection to moving back if consensus on this talk page is against me. Modest Genius talk 14:48, 24 December 2013 (UTC)