>Mathematical features of the standard make very little sense without a backdoor, and the original article provided essentially no justification. Rather, it attempted a distraction by pointing to alternative configurations and standards.
I agree and would happily sign a letter which made this case. The argument for a DUAL_EC_DRBG backdoor is overwhelming.
>Unfortunately, the authors focus on NSA skullduggery and misconduct, citing primarily to non-expert (and semi-sensationalist) reporting.
My primary objection, I can't speak for the other signers, was Wertheimer’s misleading claims that the NSA does have a history of such skullduggery when there is also very strong evidence to the contrary.
We cited:
1. propublica.org, as a source for a direct quotes from NSA documents.
2. reuters, who are the primary source for the claim that the NSA paid RSA 10 million to make DUAL_EC_DRNG the default.
3. blog.cryptographyengineering.com, Matthew Green's writing on this subject. Matthew Green has published an academic research paper at a top venue on DUAL_EC_DRBG [0] and is a Cryptography Professor at Johns Hopkins.
4. Mollin's An Introduction to Cryptography, a Cryptography textbook. Richard A. Mollin was a Cryptography expert [1].
5. Johnson's "American Cryptology during the Cold War: Book III" a History of the NSA written by the NSA.
Three of the five are experts within their areas. Two are from well established news organisations.
I agree and would happily sign a letter which made this case. The argument for a DUAL_EC_DRBG backdoor is overwhelming.
>Unfortunately, the authors focus on NSA skullduggery and misconduct, citing primarily to non-expert (and semi-sensationalist) reporting.
My primary objection, I can't speak for the other signers, was Wertheimer’s misleading claims that the NSA does have a history of such skullduggery when there is also very strong evidence to the contrary.
We cited:
1. propublica.org, as a source for a direct quotes from NSA documents.
2. reuters, who are the primary source for the claim that the NSA paid RSA 10 million to make DUAL_EC_DRNG the default.
3. blog.cryptographyengineering.com, Matthew Green's writing on this subject. Matthew Green has published an academic research paper at a top venue on DUAL_EC_DRBG [0] and is a Cryptography Professor at Johns Hopkins.
4. Mollin's An Introduction to Cryptography, a Cryptography textbook. Richard A. Mollin was a Cryptography expert [1].
5. Johnson's "American Cryptology during the Cold War: Book III" a History of the NSA written by the NSA.
Three of the five are experts within their areas. Two are from well established news organisations.
[0]: http://dualec.org/
[1]: http://leydenscalgary.sharingmemories.ca/site/Richard-Mollin...