[thecsman]

So I'm doing my usual news sweep on Slashdot, and I find an interesting article that mentions FIPS as having a backdoor on its random number generator.

Dual_Ec_Drbg backdoor: a proof of concept at Aris' Blog - Computers, ssh and rock'n roll

The article explains a proof of concept as to how the FIPS standard random number generator can be used as a backdoor to any device that implements it.

Posted via CB10

[Ecm]

Hi thecsman

I've relocated this to news & rumours section...

[jope28]

I hope some of the smart ppl here can comment on this. It's all like hieroglyphics to me lol

Frosty white Q10/10.3.1.2072

[INTz]

I hope some of the smart ppl here can comment on this. It's all like hieroglyphics to me lol

Frosty white Q10/10.3.1.2072

Haven't read the article but I think I can comment based on some discussion on this that i have read.

The back door only exists when you use some default recommended value for the keys. BlackBerry has stated publically that they do not use this default value.

You can look into it for more details.

Posted via CB10

[MobileMadness002]

So I'm doing my usual news sweep on Slashdot, and I find an interesting article that mentions FIPS as having a backdoor on its random number generator.

Dual_Ec_Drbg backdoor: a proof of concept at Aris' Blog - Computers, ssh and rock'n roll

The article explains a proof of concept as to how the FIPS standard random number generator can be used as a backdoor to any device that implements it.

Posted via CB10

I read this article and the part I understood was the .... Actually, no darn part. My head hurts now.

[Carterbits]

BlackBerry responded to this over a year ago. They do not implement the algorithm mentioned in this article in their products:

“BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no ‘back door’ to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”

BlackBerry denies using backdoor-enabled encryption code - The Globe and Mail

[Rustybronco]

The above linked article is telling in more ways than one.
And I...

�Certicom is committed to providing technology that meets the U.S. Government�s highest standards to secure and protect its most sensitive information,� Ian McKinnon, president and CEO of Certicom, said in a statement at the time. �With NSA�s decision to purchase a licence from Certicom for [eliptic curve encryption technology], Certicom is well-positioned to drive the adoption of our technologies and intellectual property in new markets that need strong security.�

In other words " those with intellectual property rights are now giving full rights to the NSA to track those who pirate those rights"

Once they have the keys, everything else is open to inspection as well.