Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method

Alfonso De Gregorio alfonso.degregorio at gmail.com
Mon Sep 7 05:07:14 PDT 2015

On Mon, Sep 7, 2015 at 11:25 AM, Georgi Guninski <guninski at guninski.com> wrote:
> This is also on popular? forums:
> [0] https://news.ycombinator.com/item?id=10175284
> [1]
> https://www.reddit.com/r/crypto/comments/3jumon/rfc2631_fips_1863_and_openssls_implementation_of/
> Comments in [0] suggest "formal verification".

The only hope of having a formal verification that extends also to
algebraic properties is to start from formal specifications. That is a
top-down approach, in stark contrast with the dynamic, agile, and
pragmatic "ship, then test" paradigm [1] and the "don't worry, be
crappy" mantra [2], repeated by the entrepreneurs innovating the most.

We need better security trade-offs.

-- Alfonso

[1] http://guykawasaki.com/the_art_of_boot/
[2] http://guykawasaki.com/the_art_of_inno/

