Er no. Definitely not a closed system.

It's a signature algorithm. It should take any input and sign it.

Yup. The computers are not the free variable. The competence of the teacher is.

I don't run around condemning people. There's a big different between 'you suck' and thinking someone sucks.
 

I wasn't alive at that time and the world was a very different place. These days, if you live in Europe or America you are more likely to have your talents directed towards ill advised wars for the wrong reasons. If you were a French engineer developing missiles you would have found them being used against your NATO allies, casting doubt on the alliance.

The world is asymmetric. Not all choices are morally equal.

I admit It doesn't really reach the modern pedagogical standards that (the rare examples of) solid educational research has established. But that wasn't what I was aiming for.

So it can whack him in the head each time the crackshaft rotates?

If they are really fools, they'd benefit by picking up a text book and studying until they are no longer fools.

Soldiers eat baked beans. Step away from that tin can.

Well choosing to follow a path that leads to more people being killed more efficiently seems evil to me. That's why I avoided doing that in my career, where it was a very real option, and I judge those that came to the wrong decision poorly.

>we're talking about ivory-tower researchers whose work is mostly not applicable to either the real world or the digital one.

Actually I could do with a few hard core mathematicians. I have some very real world cryptographic implementation issues that pivot on the truth of some heavily ivory-tower-esque mathematical questions.

There are companies that can and do employ academic mathematicians and appreciate the work they do. Both large corps and small companies.

There's probably an old professor somewhere who is amazed that elliptic curves in additive groups are at the center of real world crypto battles and people really do lobby their governments over curve choice.

The IACR stood up. Slashdot reported on it: here

Ask yourself why you weren't alarmed by the dual-ec-drbg until the Snowden thing happened.

Those of us who were having to make decisions about the design and deployment of RNGs prior to Snowden were under no illusion that it wasn't backdoored and acted accordingly. The papers were published. The facts were known. Snowden added nothing but publicity and drew focus from the media.

I would express my opinion on it to anyone who's eyes wouldn't glaze over, which it approximately nobody who didn't already know. Nowadays, people ask me to explain it, because it's interesting to them, because it was in the media.

For the record, the CTR-DRBG is fine, but inefficient. The hash and HMAC-DRBGs offer less performance for more hardware or cycles. The dual-ec-drbg was horrible from any implementation angle even before you consider it was broken. So you could be justifiably suspicious of anyone choosing to implement it in place of one of the other three options. The sad thing is number theory methods offer lots of benefits, but the dual-ec-drbg has screwed the whole field. I predict that you will not be seeing an EC based PRNG in NIST or ISO or the IEEE any time in the next decade.

Its the difference between "turn it off" and "I don't want this to be on my computer in the future".

It's a benefit to you if you want to prevent someone with physical access to be able to turn it on then use it as a remote attack vector later.

Straight from the NSA activity book for kids. I have a copy. They give (or gave) them away at the museum next door.