Matthew Green
On the Practical Exploitability of Dual EC in TLS Implementations 

Subject: [Fwd: RE: Minding our Ps and Qs in Dual_EC]
Date: Wednesday, October 27, 2004 at 12:09:25 PM Eastern Daylight Time
From: John Kelsey
To: larry.basham@nist.gov

---------------------------- Original Message ----------------------------
Subject: RE: Minding our Ps and Qs in Dual_EC
From: "Don Johnson" 
Date: Wed, October 27, 2004 11:42 am
To: "John Kelsey" 
--------------------------------------------------------------------------

John,

P = G.
Q is (in essence) the public key for some random private key.

It could also be generated like a(nother) canonical G, but NSA kyboshed
this idea, and I was not allowed to publicly discuss it, just in case you
may think of going there.

Don B. Johnson


-----Original Message-----
From: John Kelsey [mailto:john.kelsey@nist.gov]
Sent: Wednesday, October 27, 2004 11:17 AM
To: Don Johnson
Subject: Minding our Ps and Qs in Dual_EC

Do you know where Q comes from in Dual_EC_DRBG?

Thanks,

-John

[1] [2] [3]

Comments

Post a Comment

Popular posts from this blog

SSLLabs SSL Test on 716 .gov https sites

Image
716 .gov https sites (thanks to @hackertarget dnsdumpster) 328 " F " (45,81%) 178 " A " (24,86%) (one IP address per subdomain unless multiple scores) 2016/03/02 18:12:18 a068-acswebsrv.nyc.gov 167.153.11.46: F 2016/03/02 18:12:29 ace.cbp.dhs.gov 216.81.83.93: F 2016/03/02 18:12:29 accela1.howardcountymd.gov 167.102.191.83: F 2016/03/02 18:12:35 1click.dhsoha.oregon.gov 170.104.63.76: A- 2016/03/02 18:12:38 adfs.txdot.gov 168.58.229.156: C 2016/03/02 18:12:42 adfg.alaska.gov 146.63.61.200: C 2016/03/02 18:12:52 aip.medi-cal.ca.gov 12.9.80.162: F 2016/03/02 18:13:02 ac.ninds.nih.gov 156.40.215.10: A 2016/03/02 18:13:06 adhimmreglive.arkansas.gov 170.94.17.67: A 2016/03/02 18:13:09 adherave.arkansas.gov 170.94.15.181: B 2016/03/02 18:13:24 alerts.rochestermn.gov 12.184.36.207: A 2016/03/02 18:13:24 airmobile.house.gov 143.228.131.184: F 2016/03/02 18:13:32 aoprals.state.gov 169.253.204.152: B 2016/03/02 18
Read more

Is DHS running honeypots?

Image
When in September 2015 DHS published its own Security Audit Report , I was rather speechless I could not find any mention of "SSL" or "TLS" in the text, but apparently DHS has been aware of Transport Layer Security earlier than that. Today KrebsOnSecurity published a post titled DHS Giving Firms Free Penetration Tests  containing a link to a document which include the  status update about the ongoing cyber programs and efforts underway at the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) . In a rather confusing timeline, we read first about a DHS ignoring SSL/TLS during its own Security Audit Report (Sept. 2015) and today about how SSL (TLS) related vulnerabilities occupy 5/5 of the Top 5 (Occurring) Vulnerabilities list in the DHS NCATS Year-Engagement Report 2014 (which indeed might have more conveniently be published at an earlier date). The reason for this post is not the confusing orde
Read more

Het is moeilijk mensen te vertrouwen in een monetair systeem

Image
Aan de Raad voor Accreditatie Is het erger dat een webwinkel met een " F " score op SSL Labs ( geen veiligheid van de verbinding tussen consument en webwinkel) een keuring toont van een Webshop Keurmerk of dat deze Keurmerk "een 10 heeft gekregen voor de betrouwbaarheid door de Raad voor Accreditatie " met name over "de manier waarop de keurmerk wordt verleend"? De webwinkel www.destofzuigerzak.nl is een van de vele online winkels van Nederland. Het menu  Informatie , hoofdstuk  Veilig winkelen  verklaart: "U kunt bij ons met een gerust hart winkelen. Wij zijn gecertificeerd door Webshop Keurmerk, hét toonaangevende door de overheid erkende keurmerk voor kopen op afstand . Daarnaast worden uw gegevens vertrouwelijk behandeld (zie ons Privacy beleid) en worden alle gegevens die u tijdens uw bestelling invoert, versleuteld/beveiligd verstuurd middels een SSL-verbinding . Wij zijn hiervoor officieel gecertificeerd door Safe2Shop met
Read more