Dropping USB keys in parking lots is a known way to infect a network. Any Google employee competent enough to use bitcoin should hopefully also know that picking up random USB keys is a bad idea.

https://www.schneier.com/blog/...

I once got asked a question which I found hurtful and offensive, and felt tempted to 'blow up' the interview at that point. Fortunately, I resisted the temptation. As it turns out, the question was his way of introducing the next thing, which was telling me that he was offering me the job.

Being limited by floppy disk support requirement sounds like a bad joke. Is that really relevant for any computer which is not hopelessly antiquated in 2014? For reference, Apple stopped shipping floppy disk drives by default in 1998.

Here's my report on the actual ruling which is being reviewed: 2nd Circuit affirms denial of plaintiffs' preliminary injunction motion in WNET v Aereo

I guess it would take a litigator to notice this, but it's quite unusual that a preliminary injunction denial would be getting this kind of appellate attention.

In the first place, it was unusual for an interlocutory appeal to be granted from the denial of the preliminary injunction motion. In federal court usually you can only appeal from a final judgment.

Similarly, apart from the fact that it's always rare for a certiorari petition to be granted, it's especially tough where the appeal is not from a final judgment, but just from a preliminary injunction denial which does not dispose of the whole case.

"Any headline which ends in a question mark can be answered by the word no."

> Then all that happens is we adopt those other schemes faster

But what of all the encrypted old traffic that the NSA has stored?

> the developers are staying anonymous because they probably fear the inevitable copyright lawsuits

So Kanye West wrote the code for the platform, and therefore owns the copyright to the code, and they pirated it? Why else would they fear a copyright lawsuit?

So an anonymous manager - manager! - thinks it isn't a big deal. They couldn't find an actual cryptographer to quote? While all the cryptographers do think it is a big deal. This is not an issue where there is real discussion. It is not me who are exaggerating, it is you who are understating the issue.

Many news articles in mainstream media have pointed out that it is a non-denial. If RSA Security was innocent, it would be the easy to just issue a new press release saying unambiguously that no contract existed. Why hasn't RSA Security done that?

I think the backdoored Dual_EC_DRBG still as forward security. xorshift64 doesn't have forward security, if nothing else then because the period is small enough that you can brute force search it.

If you can choose P and e, then you can easily calculate Q=eP. It it only if you start with P and Q given that you can't find e.

> In short, as is the case with many conspiracy theories all you have is a collection of things that are suggestive, not definitive.

When you design a standard, one of the design criteria is that it does not allow for even a potential a backdoor. See fx https://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number . It is most definitive that Dual_EC_DRBG should never have been approved given the knowledge available at the time of how to prevent any possible backdoor.

You need to read it like a lawyer. Take the first claim for example

> Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

Note what is not denied:

* It is not denied that the contract existed
* It is not denied that they set Dual_EC_DRBG as default as a result of the contract
* It is not denied that the contract was secret (they do later deny that their relationship with NSA in general was not secret, which is correct, but does not preclude one contract from being secret)

They only thing they deny is that they knew that Dual_EC_DRBG contained a backdoor when they made the secret contract to set it as the default.

The same with their other non-denials.

I have been adding various facts to the Wikipedia article on Dual_EC_DRBG. A good deal of the most interesting points have not been reported in mainstream media.

* The ANSI group which standardize Dual_EC_DRBG were aware of the potential for a backdoor.
* Three RSA Security employees were listed as being in that ANSI group, making RSA Security's claim innocence claim shaky, since it is less likely that RSA Security didn't know about the back door when NSA paid them $10 million to use Dual_EC_DRBG as default.
* Two Certicom members of the ANSI group wrote a patent which describes the backdoor in detail, and two ways to prevent it.
* Somehow the ways to prevent the backdoor only make it into the standard as non-default options.
* Somehow the people on the ANSI group forget to publicize the potential for a backdoor. Especially Daniel brown of Certicom (co-author of the patent), who also wrote an attempt at a mathematical security reduction for Dual_EC_DRBG, but somehow forgets to explicitly mention the backdoor. The conclusion in Brown's paper also seems very determined to hype Dual_EC_DRBG, whereas the other papers about Dual_EC_DRBG seem excited to hype the errors they find.
* The potential backdoor only becomes public knowledge in 2007.
* Daniel Brown writes in December 2013 that "I'm not sure if this was obvious." and "All considered, I don't see how the ANSI and NIST standards for Dual_EC_DRBG can be viewed as a subverted standard, per se.".

Certicom is the main inventor and patent-holder for elliptic curve cryptography. The two Certicom employees failing to warn or prevent the backdoor they clearly know was possible doesn't reflect well on Certicom.