openssl and NSA backdoor
arelem at bigpond.com
Sat Dec 21 22:32:11 UTC 2013
On 12/22/2013 07:05 AM, Mike Wright wrote:
> Hi all,
> After Edward Snowden spilled the beans on the NSA I've become
> extremely paranoid about system security. If not the NSA, who else?
> I've been trying to find out if the versions of openssl shipped by
> fedora use the "Dual Elliptical Curve" encryption method that RSA so
> politely (for a tidy $um) made default at the request of the US's NSA.
> That is the encryption method with the NSA's very own backdoor.
> If so, has it been corrected? Is openssl even safe to use anymore?
> What about previous versions of fedora?
> And what about our certificates? Are they more or less useless now?
> Where do we go from here?
> If anybody is up on security I think we'd all like to know what is
> going on here esp. re fedora.
> Thanks *very* much for any help on this,
> Mike Wright
> ps. for spit and giggles maybe everybody ought to take all their
> non-private email and CC them to the NSA. That will give them
> something else to do with their time besides wiping their butts on the
Not so funny thing for me is: When I was helping convert a religious
site in the USA to Russian language my email system at bigpond.com
eventually had a chronic backlog of emails and could send and receive no
more. Translators and reviewers kept getting email return notices that
my bigpond email box was full, even though it had no emails in it and
bigpond could find no problems. Security advice was that I was and still
have all my email addresses monitored. I hope they like the Linux chat
and other bland conversations.
I think, now that bigpond have gone over to windows server, it'll be far
easier to infiltrate, oops, I mean keep tabs on things.
More information about the users