
So, when are we going to start seeing CVEs from these vendors, and updates to their software that disable this "feature"?

Cisco, Certicom, RSA, McAfee (via RSA), Juniper, Blackberry/RIM, OpenPeak, OpenSSL, Samsung, Symantec, Riverbed, Cummings Engineering, CoCo Communications, Kony, Lancope (via RSA), Mocana, Safenet, SafeLogic, Panzura, Microsoft, Thales e-Security, Catbird, ARX all list Dual_EC_DRBG as at least supported.

Of these, RSA (and presumably the others based on their, like McAfee and Lancope), Thales e-Security, and possibly Microsoft (Windows Server 2008 R2 lists only Dual_EC_DRBG, though it's possible that that's just their only FIPS compliant one and they use some non-standard algorithm by default) seem to use Dual_EC_DRBG by default or as the only option. I haven't tried finding documentation on all of these to see if they say what their default algorithm is, so it may be more.

edit to add: Found this discussion on the OpenSSL users list, about why they added it. Apparently it was because a paying customer requested it, though the customer is not named for confidentiality reasons. OpenSSL doesn't appear to enable the NIST/FIPS random number generators unless you compile it in FIPS mode (at least, as far as I can tell from a quick, their build system is a bit weird, and FIPS mode is even stranger):

