openssl and NSA backdoor

Roger arelem at bigpond.com
Sat Dec 21 22:32:11 UTC 2013


On 12/22/2013 07:05 AM, Mike Wright wrote:
> Hi all,
>
> After Edward Snowden spilled the beans on the NSA I've become 
> extremely paranoid about system security.  If not the NSA, who else?
>
> I've been trying to find out if the versions of openssl shipped by 
> fedora use the "Dual Elliptical Curve" encryption method that RSA so 
> politely (for a tidy $um) made default at the request of the US's NSA. 
> That is the encryption method with the NSA's very own backdoor.
>
> If so, has it been corrected?  Is openssl even safe to use anymore? 
> What about previous versions of fedora?
>
> And what about our certificates?  Are they more or less useless now?
>
> Where do we go from here?
>
> If anybody is up on security I think we'd all like to know what is 
> going on here esp. re fedora.
>
> Thanks *very* much for any help on this,
> Mike Wright
>
>
> ps. for spit and giggles maybe everybody ought to take all their 
> non-private email and CC them to the NSA.  That will give them 
> something else to do with their time besides wiping their butts on the 
> constitution.

Not so funny thing for me is: When I was helping convert a religious 
site in the USA  to Russian language my email system at bigpond.com 
eventually had a chronic backlog of emails and could send and receive no 
more. Translators and reviewers kept getting email return notices that 
my bigpond email box was full, even though it had no emails in it and 
bigpond could find no problems. Security advice was that I was and still 
have all my email addresses monitored. I hope they like the Linux chat 
and other bland conversations.
I think, now that bigpond have gone over to windows server, it'll be far 
easier to infiltrate, oops, I mean keep tabs on things.
Roger






More information about the users mailing list