[hannob]

There's two stories that often get mixed together. One is an elliptic curve based random number generator (Dual EC DRBG), and yes, everyone who knows the facts believes it's backdoored.

Then there's some much more general concerns about the NIST curves themselve. These concerns come down to that a) we don't really know how they were generated (there are some numbers in the paper that just "appear out of nowhere") and b) that they've been created by the NSA. But there's no concrete proof of any backdooring and it seems relatively implausible, as no method is known that would explain how that backdooring would work. I guess most people familiar with the facts don't believe they are backdoored.

[1000units]

Oh, just that once.

[tialaramex]

We don't actually know for sure that Dual EC is backdoored, we have unexplained constants plus subsequently a way to pick constants that backdoor the algorithm have been discovered. The constants could have been chosen randomly or based on something that would be embarrassing to reveal, e.g. the project leader picked their children's birthdays. Since this algorithm is worse in other ways there is no reason to use it and it's reasonable to treat things that pick Dual EC as problematic because they had no good reason to do that once it became controversial. But we shouldn't forget that it's not actually proven to be backdoored, we have only reasonable suspicions.

[wolf550e]

Reading this [1] and then saying that maybe it's not a backdoor, maybe it's the NSA cryptographer's kids' birthdays is completely nuts.

1 - https://eprint.iacr.org/2016/376.pdf

[1000units]

Some people put their faith in the strangest places.

[ohazi]

We also know that the NSA secretly paid RSA-the-company $10 million to use dual ec as the default.

[tptacek]

We also know that Juniper not only used Dual-EC for their VPNs, but that someone at some point got access to their source tree and rekeyed the backdoor to a new secret. It's obviously a backdoor.

[lawnchair_larry]

We do know a lot more than that now. It was in the Snowden leaks.

[1000units]

We have a lot of competent people at the NSA.