Dailydave mailing list archives
DUAL_EC Question of the Day
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 22 Dec 2015 10:05:03 -0500
"Know yourself, blah blah blah, always win" - Sun Tzu So all big companies have a problem - they want to strongly encrypt their local network, but they also don't want to move ALL of their network inspection to the endpoints because that scales terribly. Likewise, you don't want to implement a per-protocol key escrow service, because that becomes impossible to maintain. DUAL_EC-aware intrusion detection and analysis systems are the perfect answer. Every encrypted protocol is "broken", but only to your network security equipment. People assumed that the NSA wanted a backdoored random number generator so they could look at other people's traffic, but of course a plausible answer is that a backdoored random number generator is even more useful for looking at your own traffic in an economical way. If the NSA was watching Juniper VPN traffic to decrypt it, they probably would have noticed very quickly when it started failing once the backdoor was put into Juniper equipment, overwriting the Q value. Then again, we don't know who originally told Juniper there was a backdoor... -dave
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- DUAL_EC Question of the Day Dave Aitel (Dec 22)