<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 21, 2013 at 8:05 PM, Mike Wright <span dir="ltr"><<a href="mailto:mike.wright@mailinator.com" target="_blank">mike.wright@mailinator.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div id=":6zk" style="overflow:hidden">'ve been trying to find out if the versions of openssl shipped by fedora use the "Dual Elliptical Curve" encryption method that RSA so politely (for a tidy $um) made default at the request of the US's NSA. That is the encryption method with the NSA's very own backdoor.<br>
<br>
If so, has it been corrected? Is openssl even safe to use anymore? What about previous versions of fedora?<br>
<br>
</div></blockquote></div><br>From <a href="http://arstechnica.com/security/2013/12/report-nsa-paid-rsa-to-make-flawed-crypto-algorithm-the-default/">http://arstechnica.com/security/2013/12/report-nsa-paid-rsa-to-make-flawed-crypto-algorithm-the-default/</a><br>
<br><div style="margin-left:40px">The Dual_EC_DRBG algorithm is included in the NIST-approved crypto
standard SP 800-90 and has been viewed with suspicion since shortly
after its inclusion in the 2006 specification. In 2007, researchers from
Microsoft showed that the algorithm could be backdoored: if certain
relationships between numbers included within the algorithm were known
to an attacker, then that attacker could predict all the numbers
generated by the algorithm. These suspicions of backdooring seemed to be
confirmed this September <a href="http://arstechnica.com/security/2013/09/the-nsas-work-to-make-crypto-worse-and-better/">with the news that the National Security Agency had worked to undermine crypto standards</a>.
</div><p style="margin-left:40px">The impact of this backdooring seemed low. The 2007 research,
combined with Dual_EC_DRBG's poor performance, meant that the algorithm
was largely ignored. Most software didn't implement it, and the software
that did generally didn't use it.</p><p>Other commentators say pretty much the same thing. The Dual_EC_DRBG algorithm was viewed with suspicion from the start, and besides was very slow, so most crypto software doesn't implement it. An exception is RSA's own Bsafe product, but as that's nonfree it wouldn't be part of Fedora anyway.<br>
</p><p>It would nevertheless be good to have a statement about this from a Fedora authority.</p><p>poc<br></p></div></div>