Dueling over Dual_EC_DRGB: Consequences of Corrupting a Standardization Process

58 points10
hannob41 minutes ago

Just skimmed over it, but this seems like an odd statement: "The problem of the algorithm was quickly handled. NIST, which had approved[17] Dual_EC_DRBG as a FIPS, immediately responded by recommending that the algorithm not be used and opened a public comment period on the standard."

That is... immediately after they knew nine years about the backdoor. What often gets forgotten is that in the case of Dual EC the Snowden leaks only confirmed what was already known. The warnings about the possibility of a backdoor came much, much earlier (this is from 2007: ).

nickdothutton20 minutes ago

You cannot unpoison a well. Unpoison isn't even a proper word.

Edit: And if you think it truly was just 1 algo then I have a bridge to sell you.