• Why the Dual-EC DRBG Mechanism is Suspect

    Part 1 of 2 in the Series — Zero to 30
    As we covered in December, special publication 800-90, released by the National Institute of Standards and Technology (NIST) in 2006, claimed that security vendor RSA and the NSA created a deal to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. These claims introduce serious questions about the security of

        in Encryption, Public Key Infrastructure
  • Elliptic-Curve Cryptography, Simplified

    Part 2 of 2 in the Series — Zero to 30
    As both standalone and networked computing capabilities continue to grow in-line with Moore’s law, key sizes for the most widely used public-key cryptographic systems have to grow disproportionately fast. This trend makes a switch to elliptic-curve cryptography (ECC) more and more attractive. Unfortunately, ECC has a reputation for being difficult to understand. And this reputation, deserved or not, deters many

        in General