Dual_EC_DRBG with Justin Schuh and Matthew Green

Dec 7, 2024

Matthew Green, a renowned cryptographer known for his passionate takes on security, joins Justin Schuh to dissect the controversial Dual_EC_DRBG. They debate whether this random number generator was a deliberate backdoor by the NSA or merely a colossal blunder. The conversation uncovers the ethical dilemmas of cryptographic standards, the NSA's questionable practices, and the erosion of public trust in secure communications. Their insights blend humor and serious analysis, illuminating the complexities of cryptography in today's world.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

The Initial Debate

Justin Schuh and David Adrian had a debate about Dual_EC_DRBG.
Justin, an exploits expert, didn't believe it was intentionally backdoored, sparking a larger discussion.

INSIGHT

Backdoors vs. Vulnerabilities

Exploits often resemble backdoors, making intent difficult to determine from a technical perspective alone.
Understanding the context and history of vulnerabilities is critical.

INSIGHT

Dual_EC_DRBG's Structure

Dual_EC_DRBG's structure resembles a keyed backdoor, allowing prediction of future outputs with specific knowledge.
This doesn't automatically imply malicious intent but raises strong suspicion.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Nothing we have ever recorded on SCW has brought so much joy to
David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body.

Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup.

Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbg

Links:

- Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q)
- Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/)
- NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html)
- On the Practical Exploitability of Dual EC
in TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf)
- Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/)
- ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption)
- DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf)
- IAD: [https://www.iad.gov/](https://www.iad.gov/)
- Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/)
- 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554)
- Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00)
- The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)