colmmacc 3 years ago

Full title - "DUELING OVER DUAL_EC_DRBG: THE CONSEQUENCES OF CORRUPTING A CRYPTOGRAPHIC STANDARDIZATION PROCESS" - an interesting article from the Harvard National Security Journal.

jeffrallen 3 years ago

The last sentence of the summary is totally contradicted by reality: Seeking to understand how NIST, a U.S. government agency, was able to remain a purveyor of cryptographic algorithms despite the Dual_EC_DRBG problem, we examine the Dual_EC_DRBG situation, NIST's response, and why a non-regulatory, non-national security U.S. agency remains a successful international supplier of strong cryptographic solutions.

NIST is wholly without credibility, and as a result, the industry uses x25519 and other non-NIST algorithms. Djb's flap with NIST about transparency in the PQC selection process is more evidence that they are fatally compromised.