by AngrySkillzz 3972 days ago
If the victim is using Dual_EC_DRBG and Clyde Frog can obtain ~32 bytes of RNG output, they can figure out in reasonable time what the seed to the RNG was (assuming they know how the curve parameters were generated).

"This is a huge deal in the case of SSL/TLS, for example. If I use the Dual-EC PRG to generate the "Client Random" nonce transmitted in the beginning of an SSL connection, then the NSA (sic) will be able to predict the "Pre-Master" secret that I'm going to generate during the RSA handshake. Given this information the connection is now a cleartext read. "[1]

So, Clyde Frog can figure out your RNG state and predict what key you will generate for your TLS session. That's how they obtain the private key.

[1] http://blog.cryptographyengineering.com/2013/09/the-many-fla...
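The state-recovery step the comment describes, as an added example that is not part of the comment or of the linked post. The curve constants are NIST's public P-256 parameters (Dual_EC_DRBG's P is the curve's base point); everything else is assumed for the demo: nobody outside NSA has published a relationship between P and the NIST-specified Q, so the code mints its own Q = e^-1 * P with a known e and then plays the attacker who holds e. SP 800-90A drops the top 16 bits of each x(s*Q), leaving 30 of the 32 bytes; the demo drops 8 so the pure-Python brute force (one modular square root per candidate, then two scalar multiplications per candidate that lands on the curve) finishes in about a second. The class and function names are my own.

```python
"""Dual_EC_DRBG state recovery on NIST P-256 with a self-minted backdoor.

Added example (not from the HN comment or Green's post). The designer picks a
secret e and publishes Q = e^-1 * P, so P = e*Q. Anyone holding e can turn one
output block back into the generator's next internal state.
"""
import secrets

# NIST P-256 domain parameters. Dual_EC_DRBG's P is the curve's base point.
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + a * x + b)) % p == 0

def add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

class DualEC:
    """Dual_EC_DRBG generate loop without reseeding or additional input.

    SP 800-90A drops the top 16 bits of each x(s*Q) (30 of 32 bytes survive);
    trunc_bits is a knob so the pure-Python search below finishes quickly.
    """
    def __init__(self, seed, Q, trunc_bits=16):
        self.s, self.Q, self.out_bits = seed, Q, 256 - trunc_bits

    def next_block(self):
        self.s = mul(self.s, P)[0]          # s_i = x(s_{i-1} * P)
        r = mul(self.s, self.Q)[0]          # r_i = x(s_i * Q)
        r &= (1 << self.out_bits) - 1       # discard the top trunc_bits
        return r.to_bytes(self.out_bits // 8, "big")

def make_backdoored_Q():
    """Designer's move (assumed, not NIST's Q): secret e, public Q = e^-1 * P."""
    e = secrets.randbelow(n - 1) + 1
    return mul(pow(e, -1, n), P), e

def sqrt_mod_p(v):
    """Square root mod p (p = 3 mod 4); None when v is a non-residue."""
    r = pow(v, (p + 1) // 4, p)
    return r if r * r % p == v % p else None

def recover_next_state(block1, block2, Q, e, trunc_bits=16):
    """Attacker: given two consecutive blocks and e, recover s_{i+1}.

    For every way of filling in the dropped top bits, lift the candidate x to
    a curve point R = s_i*Q. Then e*R = s_i*(e*Q) = s_i*P, whose x-coordinate
    is the next state s_{i+1}. The second block confirms the right candidate.
    Either square root works, since x(e*R) == x(-e*R).
    """
    out_bits = 256 - trunc_bits
    low = int.from_bytes(block1, "big")
    want = int.from_bytes(block2, "big")
    for top in range(1 << trunc_bits):
        x = (top << out_bits) | low
        y = sqrt_mod_p((x * x * x + a * x + b) % p)
        if y is None:
            continue                        # about half the candidates fail here
        s_next = mul(e, (x, y))[0]
        if mul(s_next, Q)[0] & ((1 << out_bits) - 1) == want:
            return s_next
    return None

def demo(trunc_bits=8):
    """Victim emits 4 blocks; attacker sees the first 2 and predicts the rest."""
    Q, e = make_backdoored_Q()
    victim = DualEC(secrets.randbelow(n - 1) + 1, Q, trunc_bits)
    blocks = [victim.next_block() for _ in range(4)]
    s_next = recover_next_state(blocks[0], blocks[1], Q, e, trunc_bits)
    clone = DualEC(s_next, Q, trunc_bits)   # attacker's copy of the generator
    return [clone.next_block() for _ in range(2)] == blocks[2:]

if __name__ == "__main__":
    print("attacker predicted the victim's next blocks:", demo())
```

Once `recover_next_state` returns, the attacker's clone runs in lockstep with the victim's generator, which is the link the quoted passage draws from the Client Random to the pre-master secret: it holds whenever both values come out of the same generator with no reseed in between. With the standard's 16 dropped bits the search is 2^16 square roots and roughly 2^15 pairs of scalar multiplications per block, well within reach of one machine using a real EC library; the knob here only keeps the affine pure-Python arithmetic from taking minutes.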