
List:       ietf-tls
Subject:    Re: [TLS] Questions about some expired drafts
From:       Stephen Checkoway <s () pahtak ! org>
Date:       2015-01-30 6:06:16
Message-ID: D0E0A93B-A3D9-4513-A4DA-735523BAF298 () pahtak ! org


On Jan 27, 2015, at 8:22 PM, Yuhong Bao <yuhongbao_386@hotmail.com> wrote:

> Yea, I believe the draft-rescorla-tls-extended-random is quite famous as a backdoor, along with Dual_EC_DRBG.

Well, it makes attacks easier by exposing more consecutive raw Dual EC output bits. For P-384 and P-521, it makes the attack doable at all (at least in theory; I didn't actually validate that against an implementation that supported extended random like RSA's BSAFE libraries).

-- 
Stephen Checkoway

