----- Forwarded message from ianG <iang@iang.org> ----- Date: Sun, 22 Sep 2013 15:32:42 +0300 From: ianG <iang@iang.org> To: cryptography@randombit.net Subject: Re: [cryptography] [Cryptography] RSA equivalent key length/strength User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 On 19/09/13 00:23 AM, Lucky Green wrote:

According to published reports that I saw, NSA/DoD pays $250M (per year?) to backdoor cryptographic implementations. I have knowledge of only one such effort. That effort involved DoD/NSA paying $10M to a leading cryptographic library provider to both implement and set as the default the obviously backdoored Dual_EC_DRBG as the default RNG.

So, boom. Once the finger is pointed so directly, this came tumbling down within a day or two. http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our... http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg... One mystery is left for me. Why so much? It clearly doesn't cost that much money to implement the DRBG, or if it did, I would have done it for $5m, honest injun! Nor would it cost that to test it nor to deploy it on mass. Documentation, etc. What are we to conclude was the reason for such a high cost? Conscience sedative? Internal payoffs?

This was $10M wasted. While this vendor may have had a dominating position in the market place before certain patents expired, by the time DoD/NSA paid the $10M, few customers used that vendor's cryptographic libraries.

Another theory - take a fool's money? And, what happens to RSA now? If this is business-as-usual, does this mean that when the Feds show up to my door with 'a proposal' that I should see the mutual interest in sharing my customer's data with them by means ecliptic & exotic? Take the 30 pieces of silver (adj. for 2000 years of inflation), and be happy they're also keeping my struggling business in the black? Or grey? Or, is it the new Crypto AG? Is RSA the new byword for sellout? Does RSA go out of business? An Arthur Anderson event? In which case I have no choice. I have a reason to preserve the privacy of my customers, and tell the NSA I'm not interested in their cyanide pill patriotism. iang _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5