by tialaramex 2446 days ago
We don't actually know for sure that Dual EC is backdoored; we have unexplained constants, plus subsequently a way to pick constants that backdoor the algorithm has been discovered. The constants could have been chosen randomly or based on something that would be embarrassing to reveal, e.g. the project leader picked their children's birthdays. Since this algorithm is worse in other ways there is no reason to use it, and it's reasonable to treat things that pick Dual EC as problematic because they had no good reason to do that once it became controversial. But we shouldn't forget that it's not actually proven to be backdoored; we have only reasonable suspicions.
4 comments
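Added example (not part of the thread, and not code posted by anyone in it): a toy Dual EC generator over the real P-256 curve in Python, showing concretely what "a way to pick constants that backdoor the algorithm" means, and why the provenance of P and Q is the whole question. Assumptions, all labelled in the code: P is the curve generator, Q is built as d*P for a constructed secret d, the seed is a constructed value, and outputs are full x-coordinates. The real generator discards the top 16 bits of each output, which this toy skips; for a party holding the secret that only adds a loop of at most 2^16 candidate lifts per output. The Juniper reply below describes the same mechanism from the other side: replacing Q with a point whose d you know.

```python
# Toy Dual EC DRBG over NIST P-256, plus the state-recovery step available
# to whoever knows the hidden relation between the constants P and Q.
# Constructed educational example, not the standard's exact algorithm:
# real Dual EC drops the top 16 bits of each output; this toy keeps them.

# NIST P-256 domain parameters (public constants).
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = -3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(P1, P2):
    """Affine addition on y^2 = x^3 + ax + b mod p; None is the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None                                   # P1 == -P2
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p  # doubling
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p   # chord
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(xc):
    """Recover (xc, y) from an x-coordinate; p = 3 mod 4 so the sqrt is one pow.
    We get either R or -R, but multiples of R and -R share an x-coordinate."""
    rhs = (xc ** 3 + a * xc + b) % p
    y = pow(rhs, (p + 1) // 4, p)
    if y * y % p != rhs:
        raise ValueError("x-coordinate is not on the curve")
    return (xc, y)


# Constants the way a backdoored designer would pick them (constructed values):
# P is the generator, Q = d*P for a secret d, and the designer keeps e = d^-1 mod n.
# An honestly random Q would make e a discrete log that nobody can compute.
P = G
SECRET_D = 0x1234567890abcdef1234567890abcdef   # constructed; assumed secret
Q = ec_mul(SECRET_D, P)
SECRET_E = pow(SECRET_D, -1, n)                  # satisfies e*Q == P


def dual_ec_step(s):
    """One Dual EC step: new state s' = x(s*P), output r = x(s'*Q)."""
    s = ec_mul(s, P)[0]          # s == 0 mod n never happens for realistic seeds
    r = ec_mul(s, Q)[0]
    return s, r


def victim_outputs(seed, count):
    """Run the generator: return its first output and the `count` outputs after it."""
    s, first = dual_ec_step(seed)
    later = []
    for _ in range(count):
        s, r = dual_ec_step(s)
        later.append(r)
    return first, later


def predict_outputs(observed_r, count):
    """From one output r = x(s*Q), compute e*(s*Q) = s*P, i.e. the generator's
    next state, then run it forward to predict every later output."""
    R = lift_x(observed_r)        # R = +/- s*Q
    s = ec_mul(SECRET_E, R)[0]    # x(+/- s*P) = next internal state
    outs = [ec_mul(s, Q)[0]]      # the output that state produces
    while len(outs) < count:
        s, r = dual_ec_step(s)
        outs.append(r)
    return outs


def backdoor_relation_holds():
    """Sanity check of the hidden relation e*Q == P."""
    return ec_mul(SECRET_E, Q) == P


def attack_predicts_stream(seed=0x0badc0de1234, count=3):
    """True when one observed output lets the holder of e predict all later ones."""
    first, later = victim_outputs(seed, count)
    return predict_outputs(first, count) == later


if __name__ == "__main__":
    print("e*Q == P:", backdoor_relation_holds())
    print("later outputs predicted from one output:", attack_predicts_stream())
```

The point for the thread: nothing in the generator's outputs distinguishes a Q chosen this way from an honestly random Q, so "not proven to be backdoored" is exactly the property a backdoor of this shape is designed to have; the only defence is constants whose derivation can be verified, and the only evidence is provenance, which is why the paper linked in the reply matters.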

Reading this [1] and then saying that maybe it's not a backdoor, maybe it's the NSA cryptographer's kids' birthdays is completely nuts.

1 - https://eprint.iacr.org/2016/376.pdf

Some people put their faith in the strangest places.
We also know that the NSA secretly paid RSA-the-company $10 million to use Dual EC as the default.
We also know that Juniper not only used Dual-EC for their VPNs, but that someone at some point got access to their source tree and rekeyed the backdoor to a new secret. It's obviously a backdoor.
We do know a lot more than that now. It was in the Snowden leaks.
We have a lot of competent people at the NSA.