Mathy Bits
So, it looks like there’s a surprising amount of noteworthy stuff going on in the cryptography community at the moment.
First, Bruce Schneier points out a paper from Dan Shumow and Niels Ferguson (PDF warning) (at CRYPTO 2007) that indicates it’s possible that the NSA (or the NIST, or someone) has inserted a backdoor in a newly standardized random-number generator that makes it possible to predict its output. (Actually, to know its output, if I’m understanding correctly.) That means that any randomness used for cryptography is completely useless if someone knows the secret numbers, which is at least plausible. In short, don’t use “Dual_EC_DRBG”. Or, if you absolutely have to, change the constants.
Then, Adi Shamir notes that a single unknown flaw in a math processor on a CPU could also break important parts of cryptography if someone finds out about it (and is able to perform a known-plaintext chosen-plaintext attack). Of course, he’s not saying one exists, and I’m not sure why that came out now as opposed to any other time, but it’s interesting nonetheless.
Speaking of Adi Shamir, I’m pretty thoroughly convinced that tossing the modular arithmetic into Shamir’s secret sharing algorithm the way it was intended will give proper, non-leaking results. It looks like the flaw is really just an implementation flaw in the way I was looking at the problem (and the way it was replicated on Wikipedia). So, while it’s something to look out for if you’re actually implementing the algorithm, it’s not a major problem if you’ve got a working, proper implementation. I’ll try to update my blog post (and the affected Wikipedia article, if it still needs fixing) soon.
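To make the point above concrete, here is an added example (my own illustration, not code from the original post or from Wikipedia) of Shamir’s scheme done properly over the field GF(p), alongside a small demonstration of why dropping the modular reduction leaks. The prime, the threshold and share counts, and the use of plain integer arithmetic with bounded coefficients as the stand-in for the flawed non-modular variant are all assumptions made for this example.

```python
import secrets

# Assumed field modulus (a Mersenne prime); secrets must be smaller than this.
PRIME = 2**127 - 1


def _eval_poly(coeffs, x, p):
    """Evaluate a polynomial with the given coefficients at x, modulo p (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret, k, n, p=PRIME, rng=secrets.randbelow):
    """Split `secret` into n shares, any k of which reconstruct it (threshold scheme over GF(p))."""
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    # Constant term is the secret; the remaining k-1 coefficients are uniform in GF(p).
    coeffs = [secret] + [rng(p) for _ in range(k - 1)]
    # Share i is the point (i, f(i)); x = 0 is never used because f(0) is the secret itself.
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p=PRIME):
    """Recover f(0) from at least k distinct shares by Lagrange interpolation over GF(p)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        # Modular inverse of den via Fermat's little theorem (p is prime).
        secret = (secret + yi * num * pow(den, p - 2, p)) % p
    return secret


def consistent_secrets_field(share, p):
    """For threshold k=2 over GF(p): which secrets are consistent with a single share (x, y)?
    Since y = s + a*x (mod p) and x is invertible, every s admits exactly one a, so the
    answer is all of GF(p): one share reveals nothing."""
    x, y = share
    inv_x = pow(x, p - 2, p)
    return {s for s in range(p) if 0 <= (y - s) * inv_x % p < p}


def consistent_secrets_integer(share, bound):
    """Same question for the flawed non-modular variant (assumption: secret and coefficient
    are integers in [0, bound], evaluated without reduction). y = s + a*x over the integers
    forces s = y - a*x to stay in range, which rules out many candidates: the share leaks."""
    x, y = share
    return {y - a * x for a in range(bound + 1) if 0 <= y - a * x <= bound}


if __name__ == "__main__":
    shares = split_secret(12345, k=3, n=5)
    print("any 3 of 5 shares recover:", reconstruct(shares[:3]), reconstruct(shares[2:]))
    # Constructed toy share: secret 5, coefficient 3, evaluated at x = 2 gives y = 11.
    print("field candidates:", len(consistent_secrets_field((2, 11), 17)))
    print("integer candidates:", sorted(consistent_secrets_integer((2, 11), 16)))
```

Over the field, one share is compatible with every one of the p possible secrets, which is exactly the information-theoretic guarantee the scheme is supposed to give; in the integer variant the same share narrows the secret to a handful of values, which is the kind of leak the post is describing.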
Andy Schmitz