Dual_EC_DRBG with Justin Schuh and Matthew Green

Dec 7, 2024

Matthew Green, a renowned cryptographer known for his passionate takes on security, joins Justin Schuh to dissect the controversial Dual_EC_DRBG. They debate whether this random number generator was a deliberate backdoor by the NSA or merely a colossal blunder. The conversation uncovers the ethical dilemmas of cryptographic standards, the NSA's questionable practices, and the erosion of public trust in secure communications. Their insights blend humor and serious analysis, illuminating the complexities of cryptography in today's world.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Dicky George's Challenge

Dickie George, in a 2014 talk, offered dinner to anyone proving Dual_EC_DRBG's exploitability with custom parameters.
Researchers demonstrated this, but George didn't honor his offer.

ANECDOTE

SIGINT Enabling Project

The Snowden documents revealed the SIGINT Enabling Project, a program inserting vulnerabilities into commercial encryption systems.
This program aimed to enable decryption by the NSA.

INSIGHT

NSA's Use of Dual_EC_DRBG

Dual_EC_DRBG's hardware implementation in widely deployed devices explains NSA's continued use.
This aligns with their preference for maintaining capabilities, even if outdated.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Nothing we have ever recorded on SCW has brought so much joy to
David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body.

Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup.

Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbg

Links:

- Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q)
- Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/)
- NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html)
- On the Practical Exploitability of Dual EC
in TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf)
- Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/)
- ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption)
- DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf)
- IAD: [https://www.iad.gov/](https://www.iad.gov/)
- Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/)
- 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554)
- Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00)
- The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)