Mick wrote: > On Friday 18 Apr 2014 19:08:21 Dale wrote: >> I'm a little vague on some things but it seems the claim was that NSA >> had some sort of backdoor that was built in from the beginning of the >> project for encryption which sounded like it would include httpS and >> others. Again, the details are fuzzy. I would say that I need to >> bookmark this sort of thing but I already have so many bookmarks that it >> is very hard to dig through them as it is. Adding more may be >> counterproductive, yet again. > > I think that you are referring to their Dual_EC_DRBG (Dual Elliptic Curve > Deterministic Random Bit Generator) which is/was used by RSA Security (not RSA > the algorithm developed by Ron Rivest, Adi Shamir and Leonard Adleman). > > http://www.computing.co.uk/ctg/news/2295881/rsa-warns-customers-against-nsa-compromised-security-product# > > I don't know if Schneier said, stay away from elliptic curve algos and use > symmetric keys instead, because of this. Others have tried to crack elliptic > curves and have not been successful - so one has to tread carefully. Given > the NSA/NIST and big corporates are all in it up to their neck, I would guess > that distrusting *everything* they have or could be behind is a healthy > attitude to take at the moment. ;-) >
Well, I just wondered if it was true or not. If the NSA has some sort of back hack then encryption to them is meaningless. Thing is, I don't know if it is true or not. I wouldn't be surprised if it is for sure. I try to keep things as secure as I can and protect myself from the bad guys but this sort of things makes me wonder if it really does much if any good. If companies/governments have backdoor ways to get passed it, then there is no way to know who else can use that too. All it takes is for one employee/contractor with the knowledge to decide to sell out and then the whole thing is compromised. Imagine if it were to come out that there is a backdoor key to all the encryption that is currently in use. That would really throw a wrench into the whole internet community. I just read that yet another store has been hacked into and customer info stolen here in the USA. Waiting to see it from a reputable source before getting to deep into it. Of recent, I have seriously thought of encrypting my /home partition. I'm not a crook but like a guy said once in a TV interview, if a person looks long enough and hard enough, they will find something then build a career off building the rest. There are to many laws for anyone to really be able to safely say they have never broken the law before. I thought I read that article on Linux Journal but I can't find it there so it must have been somewhere else. < shrugs > Thanks. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
