Hacker News

When I saw 'new details' (edit: this was referring to an old title), I was hoping that the backdoor in Dual_EC_DRBG was either confirmed or denied ... in reality, there's not much new here. The NYT confirmed that their previous article was talking about Dual_EC_DRBG, but that's what everyone (edit: in the cryptography community) expected anyway [1].

We still don't know the exact story behind Dual_EC_DRBG. Maybe the NSA carefully crafted the DRBG to contain a backdoor that they knew from the outset. Maybe they didn't notice the backdoor until later (perhaps after cryptographers pointed it out) but ended up discovering the 'key' that allows you to predict the stream, completely breaking the DRBG (this is very unlikely, however). Or maybe they're no better off than the general public.

Annoyingly, there are no concrete details. Internal memos "appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency". In the latest NYT article, the internal memos "suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard". (What "generated" really means here is beyond me; obviously the constants were generated somehow. The question is whether or not they were generated with malicious intent. Is the 'generated' part quoted/paraphrased from the memos?)

Now I'm not saying that the NSA didn't have some malicious intent with Dual_EC_DRBG. But we have a stunning lack of any evidence. Internal memos 'appear to confirm' and 'suggest', but the bits provided from them are... lacking. Things certainly seem fishy, but we don't even know the context of the quotes.

I don't know. It certainly wouldn't surprise me if Dual_EC_DRBG was engineered to have a backdoor, but all of the articles I've read seem to carefully use weasel words when talking about it.

[1] http://crypto.stackexchange.com/a/10258/2454



> that's what everyone expected anyway

This one sentence is a _remarkably easy way_ to kill a story for the 99.9% of the world who this is news for.

"Everyone" indeed.


I suppose that was a bit presumptuous of me. My apologies.

The whole spiel has made several rounds on HN, though [1], and Ars reported again on the matter about a week ago [2]. But I do acknowledge that doesn't necessarily mean much... not everyone has the time (or the inclination!) to follow such matters.

[1] https://www.hnsearch.com/search#request/all&q=dual_ec_drbg&s...

[2] http://arstechnica.com/security/2013/09/the-nsas-work-to-mak...


"The whole spiel has made several rounds on HN, though [1]"

If you look at these discussions, HN commenters were very skeptical this was an NSA backdoor. The speculative possibility isn't news; the fact very much is.

https://news.ycombinator.com/item?id=4580434


That's the thing, though: this article doesn't say that the NSA did generate the Dual_EC_DRBG constants with a backdoor in mind. It just says that internal memos suggest and appear to confirm that they did.

That is, the article isn't really anything new.


Yes, news to me, and that it's reported by the New York Times no less, albeit on a blog, makes it less of a conspiracy theory and less controvertible. I'd say it's more like this is news to 99.99999%.

Kind of shocking, N.I.S.T and the C.S.E with their pants down.


This is news to me.



