Hacker News new | past | comments | ask | show | jobs | submit login

TIL that the NSA designed SHA and there is at least a chance they implementation of the elliptic curve has a back-door[1]

[1] https://arstechnica.com/information-technology/2014/01/how-t...






The NIST and NSA didn't have a hand in deriving Curve 25519, which was created by a very well trusted cryptographer Daniel J. Bernstein. One of the goals of Curve 25519, IIRC, was to use parameters chosen from a handful of mathematical constants as seeds, as opposed to black box constants which could be chosen by an attacker with advanced cryptographic knowledge. (e.g.: the largest employer of mathematicians in the country, the NSA.)

You're probably thinking of Dual_EC DRBG, not SHA. And perhaps some of the NIST curves. It's hard to imagine how to backdoor something like SHA-1, and no one thinks it has been, as it's just a hash function -- that's not where the money's at. Dual_EC DRBG was never really that much in open source or commercial software, though I wouldn't be surprised if it got used by some choice targets of NSA espionage. (Dual_EC is best thought of as a key escrow scheme, which is fine if you want to use it in your org, with your own curve. The problem with Dual_EC is that the public wasn't told this -- the NSA pulled a fast one on NIST.)

As to curves, just use Curve25519 and Curve448 -- those are "nothing up my sleeve" curves where the authors came up with a set of rules for picking a curve's parameters, then picked the one that most closely matched the stated goals according to their rules. The way they are it's very difficult to imagine that the authors somehow found a curve with a backdoor and then retroactively designed rules to generate the same curve, rules that have to be simple and obvious (at least to cryptographers anyways).

There are many benefits to those curves, not the least of which is that their public keys are smaller than RSA or modular DH keys, and that they are faster, all while being more secure.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: