[CentOS] Elliptic curve on Centos 6.x
Adrian Sevcenco
Adrian.Sevcenco at cern.ch
Fri Jan 3 11:01:14 UTC 2014
On 01/03/2014 03:28 AM, Jitse Klomp wrote:
> 2014/1/3 David Benfell <benfell at parts-unknown.org>
>
>> I was unable to find an associated vulnerability in Linux. I trust the
>> OpenSSL folks would be on top of this faster than you can blink an eye
>> if it were a current issue. They have not, from what I've seen,
>> reacted to the revelations.
>>
>
> Interesting read on the openssl-announce list:
> http://www.mail-archive.com/openssl-announce@openssl.org/msg00127.html
> Turns out the openssl implementation of Dual_EC_DRBG was broken anyway...
i was just blew away by this:
"What almost all commentators have missed is
that hidden away in the small print (and subsequently confirmed by our
specific query) is that if you want to be FIPS 140-2 compliant you MUST
use the compromised points."
i even don't have words to comment on this!!!
Adrian
More information about the CentOS
mailing list