One thing you need to understand.
There is a huge difference between asymmetric encryption and
cryptographically secure pseudo-random number generator. EC is secure, the
default random number generator on Linux is /dev/urandom. It does not use
the backdoored NSA PRNG.
On Fri, Jan 3, 2014 at 6:36 AM, Adrian Sevcenco <Adrian.Sevcenco@xxxxxxx>wrote:
> On 01/03/2014 01:15 PM, Karanbir Singh wrote:
> > On 01/03/2014 11:01 AM, Adrian Sevcenco wrote:
> >> i was just blew away by this:
> >> "What almost all commentators have missed is
> >> that hidden away in the small print (and subsequently confirmed by our
> >> specific query) is that if you want to be FIPS 140-2 compliant you MUST
> >> use the compromised points."
> >>
> >> i even don't have words to comment on this!!!
> >
> > I tweeted about this exact point a few minutes ago; given the way and
> > what is compromised in what manner, and then work back to what FIPS is,
> > it helps dilute the shock. a bit. but then who's got the funds and
> > resources to re-work the fips process with a new codebase ? Will Red Hat
> ?
> at this point i am thinking: why bother (with re-certification)? because
> of this (among other things) the trust in "fips process" or other
> "official" processes is in free fall.. IMHO underlying problem is not
> that a cipher/process/code was compromised but that the supervising
> _trustworthy_ entity is in fact not trustworthy at all!
>
> Adrian
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
