DSA key sizes
Robert J. Hansen
rjh at sixdemonbag.org
Mon Nov 10 20:36:01 CET 2014
> Nobody may have used Dual_EC_DRBG "in the first place" (since of
> course it didn't exist before it was proposed), but that doesn't
> mean that nobody used it.
"in the first place" meaning "since it was proposed in 2004".
> Despite its terrible performance, RSA's BSAFE library used
> Dual_EC_DRBG as the default CSPRNG for 9 years (most of them well
> after Shumow and Ferguson's results), removing it only in 2013 when
> forced to by leaked documents confirming the backdoor:
Yes, but strangely, despite the fact OpenSSL's Dual_EC_DRBG support
never worked outside of the test harness, nobody ever filed a ticket
against OpenSSL demanding Dual_EC_DRBG be fixed.
BSAFE may have used it by default (much to RSA's shame, and they deserve
to spend a long, long time living it down), but BSAFE isn't anywhere
near as big of a player in the market as OpenSSL is. The two biggest
players in that area are Microsoft, which supported it but not by
default, and OpenSSL.
But I agree, saying that "nobody used it" was going a little far. I
think it's accurate to say very few people used it.
More information about the Gnupg-users