[nycbug-talk] Elliptic Curve Backdoor? [was] RSA/DSA for encryption: has it's time come?
spork at bway.net
Fri Sep 13 17:48:12 EDT 2013
On Sep 13, 2013, at 2:52 PM, George Rosamond wrote:
> Pete Wright:
>> On 09/13/2013 07:58 AM, Okan Demirmen wrote:
>>>> So throwing it back to list...
>>>> What have you changed?
>>>> What changes have taken place in your organization, whether or not
>>>> influenced by you?
>> same here - although the incompetent IT department at my day-job is not
>> insisting on not allowing encrypted IM's because..."compliance". so
>> that's awesome.
> I have some technical clients who are very conscious of the fact that
> there has been a shift for non-technical people.
> The argument that privacy has to be designed, as opposed to being
> promises or policy is has reasserted itself. If a provider *can* access
> data of its clients, then there isn't privacy.
> Can't find them ATM, but this is a great spot to see useful articles on
> the topic, including a lot of stuff on the changes in people's thinking
> And LibTech's list is a central place for discussions around this stuff
> (hi again Jan!)
>>>> Factors of authentication, keys used, additional encryption added,
>>>> office or home Tor, pgp/gpg....
>>> Nothing new.
>> same here, i think being a practical paranoid has prepped me for this
>> inevitable day where it's known that telecomunications is an inherently
>> unsafe communication medium. as is anything that requires 3rd party trust.
> Very much the case for me also. But I am convinced more of our 'tools'
> will start accounting for the 'new world' and I'm keeping tabs on that.
So NIST is now officially not recommending the use of "Dual_EC_DRBG":
> Thanks for being relevant Pete. I shifted this thread for a reason.
> talk mailing list
> talk at lists.nycbug.org
More information about the talk