Serious vulnerability found in elliptic curve PRNG - cryptographers freak out.

  800_90 backdoor constants crypto cryptology elliptic_curves math nist number_theory points pseudorandom_numbers schneier uh_oh wtf

A major component of cryptographic systems are pseudorandom number generators used to pull values out of thin air for the purposes of generating session keys and the bignum components of crypto keys, among other things. This is done so that an eavesdropping attacker can't predict ahead of time what a particular key is going to be and decrypt traffic as it's transmitted. Another reason is that it's easier to generate a pseudorandom number and check it for certain properties all at once than it is to work up such a number by hand and check it against those properties every …

Read more...