One thing you need to understand: there is a huge difference between asymmetric encryption and a cryptographically secure pseudo-random number generator. EC is secure; the default random number generator on Linux is /dev/urandom. It does not use the backdoored NSA PRNG.

On Fri, Jan 3, 2014 at 6:36 AM, Adrian Sevcenco <Adrian.Sevcenco at cern.ch> wrote:
> On 01/03/2014 01:15 PM, Karanbir Singh wrote:
> > On 01/03/2014 11:01 AM, Adrian Sevcenco wrote:
> >> I was just blown away by this:
> >> "What almost all commentators have missed is
> >> that hidden away in the small print (and subsequently confirmed by our
> >> specific query) is that if you want to be FIPS 140-2 compliant you MUST
> >> use the compromised points."
> >>
> >> I don't even have words to comment on this!!!
> >
> > I tweeted about this exact point a few minutes ago; given the way and
> > what is compromised in what manner, and then work back to what FIPS is,
> > it helps dilute the shock. A bit. But then who's got the funds and
> > resources to re-work the FIPS process with a new codebase? Will Red Hat?
>
> At this point I am thinking: why bother (with re-certification)? Because
> of this (among other things) the trust in the "FIPS process" or other
> "official" processes is in free fall. IMHO the underlying problem is not
> that a cipher/process/code was compromised, but that the supervising
> _trustworthy_ entity is in fact not trustworthy at all!
>
> Adrian
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos