For boys who like boys who like mandroids!

Homotron Feeds:

Staff:

Editor'n'Chief: Fruit Brute - Email
Editor: tiny dancer - Email
Writer: Ed Rodriguez - Email
Writer: Jesse James - Email
Writer: NeonMadman - Email
Contributor: Super Timsy - Email
Contributor: Asterick - Email
Contributor: SuperSpecialDavey - Email
ÜberDork: Mikey - Email
Have a tip?
Send it to us here!

Archives:

Hot Stuff: Gay Founder Of Geocities Invests In New LGBT Social Networking Site · Homotron Awakes With iPad Launch · Oracle Buys Sun For $7.4 Billion · From GayGamer: Pirate Bay Founders Arrrr Guilty · Update: Amazon.fail Official Response ·

NSA Trying To Get In Your Backdoor?

A new random number generator (these generators form the basis of cryptography, allowing you to encrypt your files) championed by the NSA has the smell of a Trojan Horse, says Bruce Schneier of Wired:

The NSA has always been intimately involved in U.S. cryptography standards -- it is, after all, expert in making and breaking secret codes. So the agency's participation in the NIST (the U.S. Commerce Department's National Institute of Standards and Technology) standard is not sinister in itself. It's only when you look under the hood at the NSA's contribution that questions arise.
Problems with Dual_EC_DRBG [NSA's standard] were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem.

The concerns don't end there. Mathematical analysis of Dual_EC_DRBG, shows that the basic seeds of the generator, the constants from which the basic elliptical curve and therefore the random number sequence are derived, are based on a second, related set of secret numbers not published by the NSA. Even worse, anyone with this second, secret set of numbers would be able to easily break any file encrypted using Dual_EC_DRBG by simply monitoring just 32 bytes of the file!

The Dual_EC_DRBG generator is included in a set of four generators published by the U.S. government as a set of standards this year (called "NIST Special Publication 800-90") that will most likely be followed by software developers implementing file encryption. The fact that such a seemingly weak, slow standard made it into the NIST's recommendation paper has raised concerns among cryptography circles that the NSA purposefully developed the standard in order to have a backdoor into encrypted files.

Check out Bruce Schneier's article for more in-depth analysis.

NIST Special Publication 800-90 [NIST]