

Letters to the Editor: Misleading Mathematicians [pdf] - RhysU
http://www.ams.org/notices/201506/rnoti-p613.pdf

======
wooster
The referenced article is available here:
[http://www.ams.org/notices/201502/rnoti-p165.pdf](http://www.ams.org/notices/201502/rnoti-p165.pdf)

------
EthanHeilman
The original blog entry which we modified into the letter to the AMS:

[http://ethanheilman.tumblr.com/post/108115952435/a-response-...](http://ethanheilman.tumblr.com/post/108115952435/a-response-to-wertheimers-encryption-and-the-nsa)

------
scoop18
I wish the authors had focused on the design of DUAL_EC_DRBG, since that's a
more objective and compelling response. Mathematical features of the standard
make very little sense without a backdoor, and the original article provided
essentially no justification. Rather, it attempted a distraction by pointing
to alternative configurations and standards.

The authors might also have focused on the NSA's consistent refusal to deny
that it backdoored DUAL_EC_DRBG. It is difficult to see what intelligence harm
could come from such an acknowledgement. After the Heartbleed issue went
public, for example, the NSA quickly denied that it had previous knowledge.

Unfortunately, the authors focus on NSA skullduggery and misconduct, citing
primarily to non-expert (and semi-sensationalist) reporting. That's not very
surprising, since Bruce Schneier is an activist critic. (As is Green, I'm not
familiar with Heilman.) I think it undermines their case, though.

~~~
EthanHeilman
>Mathematical features of the standard make very little sense without a
backdoor, and the original article provided essentially no justification.
Rather, it attempted a distraction by pointing to alternative configurations
and standards.

I agree and would happily sign a letter which made this case. The argument for
a DUAL_EC_DRBG backdoor is overwhelming.

>Unfortunately, the authors focus on NSA skullduggery and misconduct, citing
primarily to non-expert (and semi-sensationalist) reporting.

My primary objection, I can't speak for the other signers, was Wertheimer’s
misleading claims that the NSA does have a history of such skullduggery when
there is also very strong evidence to the contrary.

We cited:

1\. propublica.org, as a source for direct quotes from NSA documents.

2\. Reuters, who are the primary source for the claim that the NSA paid RSA 10
million to make DUAL_EC_DRBG the default.

3\. blog.cryptographyengineering.com, Matthew Green's writing on this subject.
Matthew Green has published an academic research paper at a top venue on
DUAL_EC_DRBG [0] and is a Cryptography Professor at Johns Hopkins.

4\. Mollin's An Introduction to Cryptography, a Cryptography textbook. Richard
A. Mollin was a Cryptography expert [1].

5\. Johnson's "American Cryptology during the Cold War: Book III" a History of
the NSA written by the NSA.

Three of the five are experts within their areas. Two are from well
established news organisations.

[0]: [http://dualec.org/](http://dualec.org/)

[1]: [http://leydenscalgary.sharingmemories.ca/site/Richard-Mollin...](http://leydenscalgary.sharingmemories.ca/site/Richard-Mollin.html)

------
mherdeg
Received 9 February, published in the June/July issue; I wonder why such a
long turnaround time for a short letter?

(The publication is more or less monthly, see at
[http://www.ams.org/notices/201506/](http://www.ams.org/notices/201506/) ).

~~~
Someone
Long? If you look at
[http://www.ams.org/notices/201410/rnoti-p1268.pdf](http://www.ams.org/notices/201410/rnoti-p1268.pdf)
(google “AMS notices backlogs” for other years), few journals beat that for
papers, and many go way over that.

And yes, a short letter is different, but they might have a backlog of other
letters to publish, may not want to limit the amount of letters per issue,
and, for all I know, that June/July issue might have gone to print in May.

Even if the editors worked at infinite speed, in the end, this still is a
paper journal with its limitation on number of pages, ratio of articles to
reviews to letters, etc.

