
Talk:Dual EC DRBG

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Mike.lifeguard (talk | contribs) at 17:06, 11 September 2013 ("Fatal weakness" engineered by NSA?). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


Slowness

Bruce Schneier says (http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html) that Dual EC DRBG is three orders of magnitude, not three times, slower than its peers. Peter 16:14, 15 November 2007 (UTC)

Fixed. -- intgr [talk] 17:12, 15 November 2007 (UTC)

Missing information

The following information is missing from the article:

  • When was this PRNG standardized? (The document in reference 1 is from March 2007, but it is titled "(revised)".)
  • How does it actually work?

-- Paul Ebermann (talk) 15:21, 12 September 2011 (UTC)

"Fatal weakness" engineered by NSA?

The article currently says that DUAL_EC_DRBG has a fatal weakness which was engineered by the NSA, but that seems to be speculation. The NYT article provided as a citation does not identify the algorithm. Here is the full quote:

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Bruce Schneier has speculated (see here also) that DUAL_EC_DRBG is the algorithm in question, but if that's the best we have we should a) cite it and b) state that it is speculation.

– mike@enwiki:~$ 22:45, 5 September 2013 (UTC)

Looks like we have actual confirmation. – mike@enwiki:~$ 17:06, 11 September 2013 (UTC)

Further resources about Dual EC DRBG

http://www.mail-archive.com/cryptography@metzdowd.com/msg12262.html

A message from John Kelsey about the development of Dual EC DRBG.

http://www.google.com/patents/US20070189527

US Patent US20070189527, "Elliptic curve random number generation", to Daniel Brown and Scott Vanstone, which describes the "backdoor" in Dual EC DRBG and teaches how the backdoor can be removed by generating Q (the second base point) randomly, after P (the base point) is known, by a mechanism not involving point multiplication, thereby ensuring that P is not a known multiple of Q (which is the "backdoor"), nor that Q is a known multiple of P. It further teaches how known secret relations between P and Q may be used as part of a key escrow system.
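As an added illustration (not from the talk page or the patent) of the P/Q relation the post describes: a toy Dual EC DRBG on the 13-point textbook curve y^2 = x^3 + x + 6 over F_11, with constructed constants and the output truncation of the real generator omitted. Whoever holds e with P = e*Q recovers the generator's next state from a single output, which is why the remedy is to derive Q by a hash-based method rather than as a multiple of P; the function names and `hash_to_point` construction are this example's own.

```python
import hashlib

P_MOD, A, B = 11, 1, 6   # constructed toy curve y^2 = x^3 + x + 6 over F_11: 13 points, prime order
Q = (2, 7)               # base point on the toy curve; the real generator uses NIST P-256

def ec_add(R, S):  # affine point addition; None is the point at infinity
    if R is None or S is None:
        return R or S
    (x1, y1), (x2, y2) = R, S
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if R == S:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, R):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, R)
        R = ec_add(R, R)
        k >>= 1
    return acc

def dual_ec_step(s, P, Q):  # one round: next state x(s*P), output x(s*Q); output truncation omitted
    return ec_mul(s, P)[0], ec_mul(s, Q)[0]

def lift_x(x):  # every curve point with this x-coordinate: what an observer derives from an output r
    return [(x, y) for y in range(P_MOD) if (y * y - x**3 - A * x - B) % P_MOD == 0]

def recover_next_state(r, e):
    """With P = e*Q known, e*(s*Q) = s*P, so x(e*R) for some lift R of r is the next state."""
    return {ec_mul(e, R)[0] for R in lift_x(r)}

def hash_to_point(label):
    """Mitigation: derive Q by hashing (try-and-increment), not point multiplication, so nobody knows log_P(Q)."""
    ctr = 0
    while True:
        digest = hashlib.sha256(f"{label}:{ctr}".encode()).digest()
        pts = lift_x(int.from_bytes(digest, "big") % P_MOD)
        if pts:
            return pts[0]
        ctr += 1

def demo(secret_e=7, seed=5):  # escrow scenario: P = e*Q with e known to the escrow holder
    s1, r1 = dual_ec_step(seed, ec_mul(secret_e, Q), Q)
    return s1, recover_next_state(r1, secret_e)   # true next state, and the set recovered from r1
```

Because 13 is prime, the two lifts of r1 are s*Q and -s*Q, and e times either gives a point with the same x-coordinate, so `demo()` recovers the state without ambiguity.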