Attack on Old ANSI Random Number Generator
Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard.
Here’s the research paper, the website—complete with cute logo—for the attack, and Matthew Green’s excellent blog post on the research.
Tatütata • October 31, 2017 11:06 AM
This work was supported by the National Science Foundation under grants CNS-1651344, CNS-1505799, CNS-1408734, CNS-1010928, CNS-1228443, and EFMA-1441209; The Office of Naval Research under contract N00014-14-1-0333; the Mozilla Foundation; and a gift from Cisco.
It’s interesting that two government departments (NSF, ONR) support research that helps prevent potential (?) excesses by another one (NSA).
Are you a government with a desire for large scale decryption capabilities?
Weakening, sabotaging, backdooring, or frontdooring encryption standards may harm both the overall security of your country as well as your reputation!
Cute!
Now, how do you provide guaranteed good seeds on an IoT node?