[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Fri, 20 Sep 2013, Philip Hudson wrote:
Anyone with a better grasp of crypto than mine able to tell whether this has any implications for openssh or gpg keys?http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
I don't think it has any direct implications. Both make use of RSA the algorithm, but this is about RSA the company (founded by the same R, S and A that invented the algorithm).
In a more general sense, you could argue that it shows that crypto is hard to get right and that openssl or GPG may include similar bugs (and thus potential backdoors).
On a related note, Matthew Green did make a good point on a podcast that interviewed him: the fact that the NSA felt the need to implement backdoors into (implementation) standards, shows that the maths itself is pretty strong. If they had a way to factor RSA-keys a million times faster than anyone else, they wouldn't have needed these backdoors.
Martijn.PS this one's especially for you - I found it through a guy who works at Microsoft: http://media.boingboing.net/wp-content/uploads/2013/09/9693327611_bf4dd78a83_z1.jpg
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq