Re: Can we trust RedHat encryption tools?




Eero Volotinen wrote:
> mark wrote:
>> I agree, but I just don't know how much in the way of manhours that would
>> involve.
>>
>> However, if you do get it all built, and build packages out of them,
>> there is an extras? contribs? repo, and I'd encourage you to submit it for
>> that.
>
> RHEL nowadays already supports Elliptic Curve on openssl.

Um, I guess you haven't read the news lately - the most used,
POSIX-mandated elliptic curve is backdoored by the US NSA - when the
standards committee was writing the standard, they pushed the backdoored
version.

<https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html>
From one of the two linked essays:
As was revealed today, the NSA also works with security product vendors to
ensure that commercial encryption products are broken in secret ways that
only it knows about. We know this has happened historically: CryptoAG and
Lotus Notes are the most public examples, and there is evidence of a back
door in Windows. A few people have told me some recent stories about their
experiences, and I plan to write about them soon. Basically, the NSA asks
companies to subtly change their products in undetectable ways: making the
random number generator less random, leaking the key somehow, adding a
common exponent to a public-key exchange protocol, and so on. If the back
door is discovered, it's explained away as a mistake. And as we now know,
the NSA has enjoyed enormous success from this program.
--- end excerpt ---

<http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance>

      mark


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



