Did NSA Put a Secret Backdoor in New Encryption Standard?

**raccoonone** · 11-16-2007, 04:53 PM

Didn't see this posted yet.

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

Generating random numbers isn't easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator. Another paper found flaws in the Linux random-number generator. Back in 1996, an early version of SSL was broken because of flaws in its random-number generator. With John Kelsey and Niels Ferguson in 1999, I co-authored Yarrow, a random-number generator based on our own cryptanalysis work. I improved this design four years later -- and renamed it Fortuna -- in the book Practical Cryptography, which I co-authored with Ferguson....

full article: http://www.wired.com/politics/securi...tymatters_1115

Reminded me of Digital Fortress. Anyone else read that book?

**CyberDruid** · 11-16-2007, 05:06 PM

I would not be in the least bit surprised. We don't deserve security...being peons...only the robber barons and the Sherrif of Nottingham should have such finery.

**Brother Esau** · 11-16-2007, 05:20 PM

Now Warren you will be treading thin ice such as myself with the very suggestion of saying the Government is corrupt, Crooked and lying and stealing from the united states citizens etc, etc, etc wouldn't bother if I were you its bred into 5he new generations to be passive and submissive about such things and for the most part everybody lives in denial about it or chooses to do nothing about it!

And Remember Kids.....If you're not doing anything wrong you don't have anything to worry about besides who needs Privacy and Rights these days?

**Mad1723** · 11-16-2007, 05:21 PM

Digital Fortress anyone?

**TorquedJetta** · 11-16-2007, 05:47 PM

Originally Posted by Brother Esau

And Remember Kids.....If you're not doing anything wrong you don't have anything to worry about besides who needs Privacy and Rights these days?

Privacy shouldn't be around is what you are saying? I don't see how you can say this. I don't want the world to know what I am doing. The government doesn't need to know what I am doing at all times. I put faith in them to protect me and govern me, they should not be saying thanks but we don't believe you and install a backdoor. Why should we trust somebody that doesn't trust us?

**DeadlyFire** · 11-16-2007, 05:56 PM

Originally Posted by TorquedJetta

Privacy shouldn't be around is what you are saying? I don't see how you can say this. I don't want the world to know what I am doing. The government doesn't need to know what I am doing at all times. I put faith in them to protect me and govern me, they should not be saying thanks but we don't believe you and install a backdoor. Why should we trust somebody that doesn't trust us?

Pure sarcasm on his part I believe haha

**raccoonone** · 11-16-2007, 09:31 PM

Originally Posted by Mad1723

Digital Fortress anyone?

that was my first thought lol

**nn_step** · 11-16-2007, 10:38 PM

the only privacy we have left is in our minds and even that may not last

**saaya** · 11-17-2007, 12:10 AM

of course they are doing this, nobody is keeping them from doing it, most people dont even go to the votes nowadays, but then they go online and complain on forums

sadly thats all most people do nowadays, complain... thats not enough to actually change something though

**DeathReborn** · 11-17-2007, 03:45 AM

Originally Posted by saaya

of course they are doing this, nobody is keeping them from doing it, most people dont even go to the votes nowadays, but then they go online and complain on forums

sadly thats all most people do nowadays, complain... thats not enough to actually change something though

It is in France...

These days we're in a situation where the people supposed to police the "police" are either turning a blind eye, getting paid not to look, plain incompetent or agree with no privacy, civil liberties or freedoms.

**LowRun** · 11-17-2007, 03:49 AM

The question is not "am i paranoid?", it's "am i paranoid enough?"

**ahmad** · 11-17-2007, 04:16 AM

The title of the article is misleading.. but it doesn't matter much anyways. NSA chopped old DES down to 64bit because 56bit was easier to attack than the 64bit key method, and in fact the original standard developed at IBM did use 64bit keys.

But its so fascinating to see how generating random bits that are truely random is such a challange, even though its so naturally recurring in almost everything natural around us.

I'd say hire 6000 people in china or india and get them to flip coins all day. Heads, 0, tails, 1. You produce 6000 random bits a second (or 2 if you are less optimistic), and effectively 216 million bits in one hour.

**STEvil** · 11-17-2007, 11:13 AM

yeah, random number generation sucks... ever noticed when your music player of choice is on random play it suspiciously plays a lot of the same tracks over and over again?

I use Foobar..

**DangeR!** · 11-17-2007, 11:27 AM

Digital Fortress is the book written by Dan Brown. (The guy who wrote The Da Vinci Code)... Angels & Demons > than all of his book's put together, highly recommended.

OT:
Wouldn't surprise me if they did... how else would they spy on us all if they created a perfect system.

Thread: Did NSA Put a Secret Backdoor in New Encryption Standard?

Thread Tools

Search Thread

Rate This Thread

Display

Did NSA Put a Secret Backdoor in New Encryption Standard?

Bookmarks

Bookmarks

Posting Permissions