1. thecsman
    So I'm doing my usual news sweep on Slashdot, and I find an interesting article that mentions FIPS as having a backdoor on its random number generator.

    Dual_Ec_Drbg backdoor: a proof of concept at Aris' Blog - Computers, ssh and rock'n roll

    The article explains a proof of concept as to how the FIPS standard random number generator can be used as a backdoor to any device that implements it.

    Posted via CB10
    01-01-14 02:57 PM
  2. Ecm
    Hi thecsman

    I've relocated this to news & rumours section...
    01-01-14 03:18 PM
  3. jope28
    I hope some of the smart ppl here can comment on this. It's all like hieroglyphics to me lol

    Frosty white Q10/10.3.1.2072
    02-08-15 09:58 PM
  4. INTz
    > I hope some of the smart ppl here can comment on this. It's all like hieroglyphics to me lol
    >
    > Frosty white Q10/10.3.1.2072

    Haven't read the article but I think I can comment based on some discussion on this that I have read.

    The back door only exists when you use some default recommended value for the keys. BlackBerry has stated publicly that they do not use this default value.

    You can look into it for more details.

    Posted via CB10
    02-08-15 10:23 PM
  5. MobileMadness002
    > So I'm doing my usual news sweep on Slashdot, and I find an interesting article that mentions FIPS as having a backdoor on its random number generator.
    >
    > Dual_Ec_Drbg backdoor: a proof of concept at Aris' Blog - Computers, ssh and rock'n roll
    >
    > The article explains a proof of concept as to how the FIPS standard random number generator can be used as a backdoor to any device that implements it.
    >
    > Posted via CB10

    I read this article and the part I understood was the .... Actually, no darn part. My head hurts now.
    mithrazor likes this.
    02-09-15 10:41 AM
  6. Carterbits
    BlackBerry responded to this over a year ago. They do not implement the algorithm mentioned in this article in their products:

    “BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no ‘back door’ to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”

    BlackBerry denies using backdoor-enabled encryption code - The Globe and Mail
    diegonei likes this.
    02-09-15 10:48 AM
  7. Rustybronco
    The above linked article is telling in more ways than one.
    And I...
    “Certicom is committed to providing technology that meets the U.S. Government's highest standards to secure and protect its most sensitive information,” Ian McKinnon, president and CEO of Certicom, said in a statement at the time. “With NSA's decision to purchase a licence from Certicom for [elliptic curve encryption technology], Certicom is well-positioned to drive the adoption of our technologies and intellectual property in new markets that need strong security.”
    In other words, "those with intellectual property rights are now giving full rights to the NSA to track those who pirate those rights"

    Once they have the keys, everything else is open to inspection as well.
    02-09-15 12:00 PM
