[OTR-users] OTR mentioned in Snowden documents?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 12 12:36:03 EDT 2013


On 09/12/2013 11:18 AM, Gregory Maxwell wrote:
> I suspect this is just someone who's seized on a post I made on the tor
> list pointing out that the "provably random" constants used for NIST
> P256r were not very meaningfully provably random.  It's certainly not
> something to be concerned about specific to Bouncy Castle or OTR.

thanks for the clarification.  I do wish that people who make bold
claims like Mike did would provide references where other people
interested in those bold claims could review them.  Or, as a wikipedian
might say to mike minor: [citation needed].

> (It was selected in a way which prevents using an algebraic approach
> to select a unique trapdoored parameter, but does nothing to prevent
> selection based on secret characteristics which could weaken or
> strengthen the curve, so long as the characteristics in question were
> common enough to find an example through a brute force search on SHA1)

Right, this is a really good point, and is currently under discussion in
a lot of places.

you might find Dan Brown's take on the situation over in the IETF's TLS
WG interesting (i don't understand ECC well enough to be able to judge
it one way or another):

 https://www.ietf.org/mail-archive/web/tls/current/msg09842.html

Regards,

	--dkg
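
The quoted point about a brute-force search on SHA1, as an added example that is not part of the original message or of any project's code: a toy model in which a parameter is simply SHA-1(seed), showing that the public seed check passes just the same when the generator tried many seeds. The function names, the counter-based seeds and the "low bits are zero" property are assumptions standing in for a characteristic known only to the generator.

```python
import hashlib

# Toy model, not the X9.62 / NIST procedure: a "curve parameter" is just
# SHA-1(seed) read as an integer. All names here are hypothetical.

def derive_param(seed: bytes) -> int:
    """Public derivation: anyone can recompute the parameter from the seed."""
    return int.from_bytes(hashlib.sha1(seed).digest(), "big")

def audit(seed: bytes, param: int) -> bool:
    """What a third party can check: the parameter really came from the seed."""
    return derive_param(seed) == param

def has_secret_property(param: int, bits: int) -> bool:
    """Stand-in for a characteristic only the generator knows about.
    Constructed: low `bits` bits are zero, so about 1 in 2**bits values have it."""
    return param & ((1 << bits) - 1) == 0

def grind_seed(bits: int, max_tries: int = 1 << 20):
    """Try seeds until the derived parameter has the property.
    Returns (seed, param, tries); expected tries is about 2**bits."""
    for counter in range(max_tries):
        seed = counter.to_bytes(20, "big")  # 160-bit seed, constructed
        param = derive_param(seed)
        if has_secret_property(param, bits):
            return seed, param, counter + 1
    raise RuntimeError("no seed found within max_tries")

if __name__ == "__main__":
    # Rarer properties cost more tries, but the audit result never changes.
    for bits in (4, 8, 12):
        seed, param, tries = grind_seed(bits)
        print(f"density 1/2^{bits}: seed {seed.hex()} after {tries} tries, "
              f"audit passes: {audit(seed, param)}")
```

The audit only proves that the parameter was derived from the published seed; it says nothing about how many seeds were discarded first, which is why the search cost depends only on how common the characteristic is.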
