[nycbug-talk] Elliptic Curve Backdoor? [was] RSA/DSA for encryption: has it's time come?

Charles Sprickman spork at bway.net
Fri Sep 13 17:48:12 EDT 2013


On Sep 13, 2013, at 2:52 PM, George Rosamond wrote:

> Pete Wright:
>> On 09/13/2013 07:58 AM, Okan Demirmen wrote:
>> 
>>>> So throwing it back to list...
>>>> 
>>>> What have you changed?
>>>> 
>>>> What changes have taken place in your organization, whether or not
>>>> influenced by you?
>>> 
>>> Zero.
>> 
>> same here - although the incompetent IT department at my day-job is not
>> insisting on not allowing encrypted IM's because..."compliance".  so
>> that's awesome.
> 
> I have some technical clients who are very conscious of the fact that
> there has been a shift for non-technical people.
> 
> The argument that privacy has to be designed, as opposed to being
> promises or policy is has reasserted itself.  If a provider *can* access
> data of its clients, then there isn't privacy.
> 
> Can't find them ATM, but this is a great spot to see useful articles on
> the topic, including a lot of stuff on the changes in people's thinking
> recently:
> 
> https://twitter.com/liberationtech
> 
> And LibTech's list is a central place for discussions around this stuff
> today.
> 
> (hi again Jan!)
> 
>> 
>>> 
>>>> Factors of authentication, keys used, additional encryption added,
>>>> office or home Tor, pgp/gpg....
>>> 
>>> Nothing new.
>>> 
>> 
>> same here, i think being a practical paranoid has prepped me for this
>> inevitable day where it's known that telecomunications is an inherently
>> unsafe communication medium.  as is anything that requires 3rd party trust.
> 
> Very much the case for me also.  But I am convinced more of our 'tools'
> will start accounting for the 'new world' and I'm keeping tabs on that.

So NIST is now officially not recommending the use of "Dual_EC_DRBG":

http://www.propublica.org/documents/item/785571-itlbul2013-09-supplemental#document/p2

> 
> Thanks for being relevant Pete.  I shifted this thread for a reason.
> 
> g
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk





More information about the talk mailing list