undefined | Better HN

0 pointsthrow0101c6mo ago0 comments

> "NOBUS" isn't a fallacy. We can build systems that have access mechanisms that are for all intents and purposes NOBUS.

Have any such system been built?

0 comments

commandersaki6mo ago

China iCloud? Not sure it is actually a NOBUS or just key escrow mechanism with administrative controls.

tptacek6mo ago

Have the private keys for Dual EC ever been disclosed, or is there any evidence of them having leaked?

AnthonyMouse6mo ago

Sort of:

https://blog.cryptographyengineering.com/2015/12/22/on-junip...

But also, Dual EC was suspected of being backdoored from day one, was slower than existing CSPRNGs, and was therefore avoided like the plague. Whereas the premise is that if you put all the world's secrets behind one set of keys, there doesn't exist a level of defense that can withstand the level of attacks that will attract. Which doesn't apply when it isn't widely used.

On top of that, the attackers would be the likes of foreign intelligence agencies, and then them not getting it and the public not hearing about them getting it are two different things.

tptacek6mo ago

That was a Juniper supply-chain backdoor, not a compromise of the Dual EC keys.

2 more replies

j / k navigate · click thread line to collapse

0 comments

commandersaki6mo ago

China iCloud? Not sure it is actually a NOBUS or just key escrow mechanism with administrative controls.

tptacek6mo ago

Have the private keys for Dual EC ever been disclosed, or is there any evidence of them having leaked?

AnthonyMouse6mo ago

Sort of:

https://blog.cryptographyengineering.com/2015/12/22/on-junip...

On top of that, the attackers would be the likes of foreign intelligence agencies, and then them not getting it and the public not hearing about them getting it are two different things.

tptacek6mo ago

That was a Juniper supply-chain backdoor, not a compromise of the Dual EC keys.

2 more replies

j / k navigate · click thread line to collapse