[OTR-users] OTR mentioned in Snowden documents?
Nathan of Guardian
nathan at guardianproject.info
Thu Sep 12 09:56:14 EDT 2013
On 09/11/2013 10:47 AM, Mike Minor wrote:
> The constant "c49d360886e704936a6678e1139d26b7819f7e90" appears to be a malicious non-random seed for the prime256v1 curve that is found in BouncyCastle. Are you relying on it in your code?
Since we only use DSA, and this appears to be ECC, we are not currently
affected in our use of bouncycastle for OTR.
However, I am more curious about where you pulled that suspicious
constant from? Do you have direct knowledge of subterfuge or is it an
interest of yours to find these types of things?
I ask because finding what is essentially a backdoor in BouncyCastle's
ECC is a *big deal*.
+n
More information about the OTR-users
mailing list