Why the Dual-EC DRBG Mechanism is Suspect
As we covered in December, special publication 800-90, released by the National Institute of Standards and Technology (NIST) in 2006, claimed that security vendor RSA and the NSA created a deal to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. These claims introduce serious [Read More...]
The Edward Snowden Story Calls For Understanding of Encryption, Strong Identity
This entry is part 2 of 2 in the series The Snowden Papers: Lessons to be LearnedEntrust’s Approach and View of Cryptography There has been tremendous press coverage over the last week or two about cryptographic systems and threats to their security. I want to take some time to share how Entrust, as a global [Read More...]
NSA Leaks Uncover Legitimate Surveillance Concerns, But Cryptographic Systems are Not One of Them
This entry is part 1 of 2 in the series The Snowden Papers: Lessons to be LearnedIntelligence Services Disclosures and the Impact on Information Security The Washington Post and other media outlets have provided extensive coverage of allegations made by Edward Snowden concerning some of the NSA’s surveillance programs. The allegations include: The NSA has [Read More...]
Alan Turing Notes on Cryptography Released
Are there any insights left to be wrung from the code breaker’s papers?
Chris Vallance of the BBC reports that GCHQ has released some of Alan Turing’s papers on the theory of code breaking. They’re not on display at the National Archives at Kew. I’ve checked the web pages of the Archives and GCHQ, and there is as of my writing nothing up there, yet.
The two papers are titled, The Applications of Probability to Crypt” and Paper on the Statistics of Repetitions. They discuss the use of mathematics to cryptanalysis. This might seem a bit obvious now, but at the time cryptanalysis was largely done by smart people and not by machines. A code-breaker was more likely someone who was good at solving complex crossword puzzles than working with numbers. It was unusual to bring in someone like Turing to a cryptology lab.
RSA Key Generation Flaw Does Not Affect Entrust Certificates
The New York Times published an article by John Markoff a couple days ago, “Flaw Found in an Online Encryption Method.” Sadly, the article is behind the Times paywall. Irritatingly, it’s a very good article except for the headline, which is wrong. The flaw isn’t found in the encryption, but in some key generation. A [Read More...]