Lucene search
K

12 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

5.8CVSS8.6AI score0.01407EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2015/10/23 3:55 p.m.13 views

Cryptographers Concerned Over NSA's Deprecation of ECC

The National Security Agency has long cuddled up to Elliptic Curve Cryptography, swaying standards bodies away from RSA crypto and toward ECC in the late 1990s, as well as recommending it as a strong enough solution for sensitive government agencies to use in guarding their biggest secrets. In...

7AI score
Exploits0References5
Oracle linux
Oracle linux
added 2015/04/02 12:0 a.m.364 views

openssl-fips security update

1.0.1m-2.0.1 - update to upstream 1.0.1m - update to fips canister 2.0.9 - regenerated below patches openssl-1.0.1-beta2-rpmbuild.patch openssl-1.0.1m-rhcompat.patch openssl-1.0.1m-ecc-suiteb.patch openssl-1.0.1m-fips-mode.patch openssl-1.0.1m-version.patch openssl-1.0.1m-evp-devel.patch...

10CVSS0.2AI score0.99999EPSS
Exploits155
ThreatPost
ThreatPost
added 2014/04/22 5:6 p.m.17 views

NIST removes Dual EC DRBG from SP 800-90A

The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute for Standards and Technology said it will request...

0.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/04/02 11:38 a.m.10 views

Matthew Green on the NSA and Crypto Backdoors

Dennis Fisher talks with Matthew Green of Johns Hopkins University about the paper he co-authored on the Extended Random extension for Dual EC DRBG and whether it could be considered a backdoor. Download: digitalunderground149.mp3...

1.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/03/31 3:59 p.m.36 views

Second NSA Crypto Tool Found in RSA BSafe

A team of academics released a study on the maligned Dual EC DRBG algorithm used in RSA Security’s BSafe and other cryptographic libraries that includes new evidence that the National Security Agency used a second cryptographic tool alongside Dual EC DRBG in Bsafe to facilitate spying. Allegation...

1.9CVSS0.1AI score0.00942EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2014/02/25 1:17 p.m.14 views

RSA Conference 2014 Art Coviello RSA keynote

SAN FRANCISCO – RSA Security executive chairman Art Coviello today at RSA Conference 2014 made his first public comments about the security company’s relationship with the National Security Agency, painting the landmark firm as a victim of the spy agency’s blurring of the lines between its...

7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2014/01/31 1:7 p.m.9 views

Boasting Better Encryption, Bug Fixes, OpenSSH 6.5 Released

The OpenBSD Project pushed out a new build on Thursday of the OpenSSH security suite, adding a new private key format, a new transport cipher and fixing 15 bugs in the Secure Shell. OpenSSH version 6.5 adds support for the key exchange using elliptic-curve Diffie Hellman within cryptographer Dani...

0.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2013/12/23 10:29 a.m.22 views

RSA Denies NSA Backdoor Payment Allegations, But Questions Linger

The accumulation of hundreds of leaked documents and formerly secret operational methods used by the NSA in the last six months has led to a bit of a numbing effect, with some new leaks being met with a shrug of indifference. But the latest and most explosive entry in that ledger–the report that...

7.2AI score
Exploits0References5
ThreatPost
ThreatPost
added 2013/10/18 12:19 p.m.13 views

/Dev/Random PRNG in Linux Questioned

The sanctity of the dev/random random number generator used in the Linux kernel has been a hot-button issue for more than a month. A petition posted to change.org in September to remove RdRand from dev/random, for example, was met with fury from Linus Torvalds who called the developer who posted ...

0.1AI score
Exploits0References4
Debian CVE
Debian CVE
added 2013/10/11 10:0 p.m.38 views

CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

5.8CVSS8.9AI score0.01407EPSS
Exploits0
ThreatPost
ThreatPost
added 2013/09/20 1:18 p.m.9 views

In Wake of Latest Crypto Revelations, 'Everything is Suspect'

So now that RSA Security has urged developers to back away from the table and stop using the maligned Dual Elliptic Curve Deterministic Random Bit Generation Dual EC DRBG algorithm, the question begging to be asked is why did RSA use it in the first place? Going back to 2007 and a seminal...

7.3AI score
Exploits0References4
Rows per page
Query Builder