by elliotz
4438 days ago
The public standard shouldn't include the secret values, but rather identify the (verifiable) process for generating the public values, in order to assure people that they were not created from secret values. See: https://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number (Or, of course, you could just not publish RNG standards based on public-key crypto ;-)
It seems there's enough evidence that NSA inserted the secret values in one standard already:
http://en.wikipedia.org/wiki/Dual_EC_DRBG
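The following is an added example, not code from the commenter or from any standard, showing what a "verifiable process for generating the public values" looks like in practice. Two illustrations: first, SHA-256's own constants really are specified this way (the initial hash values are the first 32 fractional bits of the square roots of the first 8 primes, the round constants the same for the cube roots of the first 64 primes), so anyone can recompute them with exact integer arithmetic; second, a hypothetical seed-to-constants procedure (`derive_constants`, with a constructed seed string) plus the `verify_published` check a reviewer would run against values a standard publishes. Everything outside the SHA-256 recomputation is an assumption for illustration only.

```python
"""Verifiable ("nothing up my sleeve") constants: derive and re-check.

Added example, not part of the original comment. The point of the comment
is that a standard should publish the *procedure* behind its public values,
so a reviewer can re-derive them instead of trusting that no secret (such
as a discrete log relating two curve points) went into picking them.
"""
import hashlib
import math
from typing import List


def first_primes(n: int) -> List[int]:
    """Return the first n primes by trial division (n is small here)."""
    primes: List[int] = []
    candidate = 2
    while len(primes) < n:
        if all(candidate % p for p in primes if p * p <= candidate):
            primes.append(candidate)
        candidate += 1
    return primes


def icbrt(n: int) -> int:
    """Integer cube root floor(n ** (1/3)) by Newton's method on ints.

    Starting from an overestimate, the iteration decreases monotonically and
    stops at the exact floor, so no floating-point rounding is involved.
    """
    if n < 2:
        return n
    x = 1 << ((n.bit_length() + 2) // 3)  # 2^ceil(bits/3) >= cbrt(n)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


def sha256_initial_hash_values() -> List[int]:
    """First 32 fractional bits of sqrt(p) for the first 8 primes (FIPS 180-4)."""
    # isqrt(p << 64) == floor(sqrt(p) * 2^32); its low 32 bits are the
    # fractional part of sqrt(p) scaled to 32 bits.
    return [math.isqrt(p << 64) & 0xFFFFFFFF for p in first_primes(8)]


def sha256_round_constants() -> List[int]:
    """First 32 fractional bits of cbrt(p) for the first 64 primes (FIPS 180-4)."""
    return [icbrt(p << 96) & 0xFFFFFFFF for p in first_primes(64)]


def derive_constants(seed: bytes, count: int, width_bits: int = 256) -> List[int]:
    """Hypothetical seed-to-constants procedure: c_i = SHA-256(seed || i).

    The seed is published next to the constants. A designer cannot steer the
    output toward a specially chosen value without inverting the hash, which
    is exactly the assurance the comment asks a standard to provide.
    """
    assert 0 < width_bits <= 256, "one digest per constant in this toy scheme"
    mask = (1 << width_bits) - 1
    out: List[int] = []
    for i in range(count):
        digest = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        out.append(int.from_bytes(digest, "big") & mask)
    return out


def verify_published(seed: bytes, published: List[int], width_bits: int = 256) -> bool:
    """Re-run the published procedure and compare against the published values."""
    return derive_constants(seed, len(published), width_bits) == published


if __name__ == "__main__":
    print("SHA-256 H0..H7:", [f"{v:08x}" for v in sha256_initial_hash_values()])
    print("SHA-256 K0..K3:", [f"{v:08x}" for v in sha256_round_constants()[:4]])
    # Constructed seed for the hypothetical derivation (not from any real standard).
    seed = b"example-standard-v1 generator constants"
    consts = derive_constants(seed, 2)
    print("published values re-derive correctly:", verify_published(seed, consts))
```

The recomputed H and K values match the ones printed in FIPS 180-4, which is the whole point: a reader needs no trust in the authors to confirm the constants were not hand-picked. The seed-based variant shows the same property for values that have no natural mathematical origin; a review of such a standard consists of running `verify_published` and rejecting any constant that does not re-derive.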