

NIST's cryptographic standardization process - zdw
http://blog.cr.yp.to/20140411-nist.html

======
joveian
Also interesting are the other three blog entries, particularly "Entropy
Attacks!" that talks about how hashing RDRAND into an entropy pool right
before using it (an obvious use that seems like a good idea) could, with a
malicious implementation, cause a lower entropy output that would reveal your
DSA private key...

------
tod222
Final paragraph:

> _When I heard about this draft I assumed that NIST had engaged in (1) an
> honest retrospective review of known security flaws in NIST standards and
> (2) an honest analysis of ways in which those flaws could have been avoided
> by modifications in NIST's standardization process. The current draft is,
> unfortunately, very far from this, and as a result is very difficult to take
> seriously._

