openssl and NSA backdoor

Patrick O'Callaghan pocallaghan at
Sun Dec 22 00:01:14 UTC 2013

On Sat, Dec 21, 2013 at 8:05 PM, Mike Wright <mike.wright at> wrote:

> I've been trying to find out if the versions of openssl shipped by fedora
> use the "Dual Elliptical Curve" encryption method that RSA so politely (for
> a tidy $um) made default at the request of the US's NSA. That is the
> encryption method with the NSA's very own backdoor.
> If so, has it been corrected?  Is openssl even safe to use anymore? What
> about previous versions of fedora?

The Dual_EC_DRBG algorithm is included in the NIST-approved crypto standard
SP 800-90 and has been viewed with suspicion since shortly after its
inclusion in the 2006 specification. In 2007, researchers from Microsoft
showed that the algorithm could be backdoored: if certain relationships
between numbers included within the algorithm were known to an attacker,
then that attacker could predict all the numbers generated by the
algorithm. These suspicions of backdooring seemed to be confirmed this
September with the news that the National Security Agency had worked to
undermine crypto

The impact of this backdooring seemed low. The 2007 research, combined with
Dual_EC_DRBG's poor performance, meant that the algorithm was largely
ignored. Most software didn't implement it, and the software that did
generally didn't use it.

Other commentators say pretty much the same thing. The Dual_EC_DRBG
algorithm was viewed with suspicion from the start, and besides was very
slow, so most crypto software doesn't implement it. An exception is RSA's
own Bsafe product, but as that's nonfree it wouldn't be part of Fedora

It would nevertheless be good to have a statement about this from a Fedora
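
As an added example that is not part of the thread (the code is mine, not Fedora's or OpenSSL's), the toy Python below reproduces the 2007 observation on a tiny constructed curve: the generator's two points P and Q are related by a secret scalar e with P = e*Q, and whoever holds e turns a single observed output into the generator's next internal state and hence every later output. The curve, points, seed and scalar are all constructed values; real Dual EC runs on P-256 and truncates 16 bits per output, which changes the cost of the recovery but not the picture.

```python
# Toy Dual_EC_DRBG on y^2 = x^3 + x + 6 over F_11 (13 points, prime order); all values constructed.
P_MOD, A, B = 11, 1, 6
Q = (2, 7)        # the public point Q
E_SECRET = 5      # trapdoor scalar: P = E_SECRET * Q, known only to whoever chose the points
INF = None        # point at infinity
def ec_add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                     # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)
def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

P = ec_mul(E_SECRET, Q)   # the "standard" point P; its relation to Q is the secret

def dual_ec_step(state):
    """One iteration -> (next_state, output). Real Dual EC drops the top 16 bits of
    x(r*Q) before output (brute-forced by the attacker); the toy keeps all of x."""
    r = ec_mul(state, P)[0]
    return ec_mul(r, P)[0], ec_mul(r, Q)[0]

def recover_next_state(output, e):
    """Backdoor: lift output t to R = (t, y) = +/- r*Q; then x(e*R) = x(r*P) = next state."""
    y = pow((output ** 3 + A * output + B) % P_MOD, (P_MOD + 1) // 4, P_MOD)  # sqrt, p = 3 mod 4
    return ec_mul(e, (output, y))[0]
def demo(seed=4, n=5):
    """Generator emits n outputs; attacker sees only the first and predicts the rest."""
    state, outputs = seed, []
    for _ in range(n):
        state, out = dual_ec_step(state)
        outputs.append(out)
    attacker_state, predicted = recover_next_state(outputs[0], E_SECRET), []
    for _ in range(n - 1):
        attacker_state, out = dual_ec_step(attacker_state)
        predicted.append(out)
    return outputs[1:], predicted
```

The defensive lesson is the one the 2007 researchers drew: constants whose generation cannot be verified must be treated as potentially trapdoored, which is why a DRBG whose security rests on unexplained points deserves suspicion regardless of who ships it.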
