Best write-up I’ve seen so far on the cryptographic backdoor, assuming it was an intentional backdoor, which is probable but not proven.
Note that it took six years to go from this:
Dan Shumow and his Microsoft colleague Niels Ferguson titled theirs, provocatively, “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng.” It was a title only a crypto geek would love or get.
Early this month the New York Times drew a connection between their talk and memos leaked by Edward Snowden, classified Top Secret, that apparently confirm that the weakness in the standard and so-called Dual_EC_DRBG algorithm was indeed a backdoor.
It’s disputed that this was a purposeful backdoor, as opposed to just bad design. Prior to the public release of documents that detail the NSA’s shenanigans, I would have blamed poor design over purposeful sabotage. Now, in my view, it’s just naive to assume this was an accident. The broken random number generation of Dual_EC_DRBG means that any cryptosystem that relies on it is effectively broken, no matter how well the other aspects of the system are implemented. It’s unlikely the NSA would make such a mistake, and then fail to correct it years later. My hunch is that this is exactly what they wanted. A system broken at the foundation; no matter how well the house atop the foundation is built, the NSA can always knock it down if need be. Secure enough to withstand amateur attacks, but crackable enough for the NSA, or any other well-funded or determined assailant.
This is why it’s sabotage. Not only can the NSA break it, but so can anyone else, provided the resources.
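To make the “broken at the foundation” point concrete, here is an added toy model of the Dual_EC_DRBG trapdoor. It is not code from the original post or from any standard: the elliptic curve is replaced by a prime-order subgroup of Z_p*, so the curve step x(s·P) becomes pow(P, s, p), the real generator’s output truncation is omitted, and every constant (p, q, P, the exponent e, the seed) is constructed for the demo and far too small to be secure. What it shows is the structural problem Shumow and Ferguson pointed at: whoever knows the relation between the two public constants P and Q recovers the generator’s next state from a single output and replays everything that follows, while anyone without that relation is left solving a discrete logarithm.

```python
"""Toy analog of the Dual_EC_DRBG trapdoor (added illustration, not code from
the original post or from any standard).

Simplification: the elliptic curve is replaced by the subgroup of prime order q
in Z_p*, so the curve operation x(s*P) becomes pow(P, s, p). The real
generator also truncates each output; that is omitted here. All constants are
constructed for this demo and are far too small to be secure.
"""

# Constructed toy parameters: p = 2q + 1 is a safe prime, so the squares mod p
# form a subgroup of prime order q.
P_MOD = 2039
Q_ORDER = 1019
P = 4  # 2**2 mod p, a generator of the order-q subgroup


def make_constants(e):
    """The designer publishes P and Q = P**e and keeps e private.
    d = e^-1 mod q satisfies Q**d == P; holding d is the trapdoor."""
    Q = pow(P, e, P_MOD)
    d = pow(e, -1, Q_ORDER)  # modular inverse (Python 3.8+)
    return Q, d


class ToyDualEC:
    """Output r_i = Q**s_i, then advance the state to s_{i+1} = P**s_i.
    This mirrors Dual EC's r_i = x(s_i Q) and s_{i+1} = x(s_i P)."""

    def __init__(self, Q, seed):
        if seed <= 0:
            raise ValueError("seed must be a positive integer")
        self.Q = Q
        self.s = seed

    def next(self):
        r = pow(self.Q, self.s, P_MOD)
        self.s = pow(P, self.s, P_MOD)
        return r


def predict_rest(Q, d, observed_output, count):
    """Trapdoor holder: one output r_i = Q**s_i gives r_i**d = P**s_i, which is
    exactly the generator's next state, so every later output can be replayed."""
    clone = ToyDualEC(Q, pow(observed_output, d, P_MOD))
    return [clone.next() for _ in range(count)]


def brute_force_trapdoor(Q):
    """Anyone without d must solve a discrete logarithm to learn it. Trivial at
    this toy size (q = 1019); infeasible on a real 256-bit curve."""
    for d in range(1, Q_ORDER):
        if pow(Q, d, P_MOD) == P:
            return d
    return None


def demo(e=123, seed=777, count=5):
    """Returns (real outputs, outputs predicted from the first one,
    d recovered by brute force, the designer's d)."""
    Q, d = make_constants(e)
    gen = ToyDualEC(Q, seed)
    first = gen.next()                       # the single value an observer sees
    real = [gen.next() for _ in range(count)]
    predicted = predict_rest(Q, d, first, count)
    return real, predicted, brute_force_trapdoor(Q), d


if __name__ == "__main__":
    real, predicted, d_found, d = demo()
    print("real     :", real)
    print("predicted:", predicted)
    print("trapdoor d recovered by brute force:", d_found == d)
```

The design choice that matters is in make_constants: nothing about the generator’s arithmetic is wrong, and a user who keys a perfectly implemented cipher from its output gains nothing, because the party holding d already knows every value it will ever produce. A Q generated verifiably at random, with no known d, would remove that shortcut; with a Q of unexplained origin, the only thing standing between an outsider and the same capability is the discrete logarithm that brute_force_trapdoor solves here in under a thousand steps.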
Some good news: Senators to introduce reform bill. Some caution, though: we’ve seen this before, and there’s always the possibility that the final bill will be watered down. And of course the NSA could just ignore the bill, find loopholes, etc.
More good news: Google Chrome to take more aggressive steps regarding the security of certificates. Recall that the NSA has forged these sorts of certificates, which are used to authenticate websites/servers in SSL/TLS sessions, as well as to secure the communication to/from those servers.