@mpoletiek @aral and also even if they commit any code that has "glowie aura" it would still face rigorous examination.
Cuz the people at #OpenSSL and #OpenSSH are very restrictive in adding stuff, which is why #DUAL_EC_DRBG, #Speck and other #Govware didn't make it into those...
@bsi @bmi @AuswaertigesAmt Or have there ever been any consequences (#Konsequenzen) for [Western] #Govware?
Whether it's #DUAL_EC_DRBG [ https://de.wikipedia.org/wiki/Dual_EC_DRBG ] or #NSAKEY [ https://de.wikipedia.org/wiki/NSAKEY ] or the #CryptoAPI #Backdoor in #Windows [ https://github.com/kkarhan/windows-ca-backdoor-fix ]???
Also you're overexaggerating cuz if customers of ANY kind would take #ITsec seriously, then participation in programs like #PRISM and integrating #Govware like #DUAL_EC_DRBG would not only be considered #felonies [which they are: it's called #espionage] but be entirely banned from selling their products at all.
@ManningPublications "In Implementing and Exploiting Cryptography you’ll find unique guidance for creating strong cryptography that can withstand attempts to exploit it including: * DUAL_EC_DRBG random number generator using Go’s elliptic curve library * ..."
Come again!?
#DUAL_EC_DRBG is a top example for secure #cryptography?
What's next, single-round MD5 for password hashing? DES ECB for full disk encryption? Secure keybit generators such as A5/1?
@peepstein not sure what standards you mean.
IMHO their stuff is pretty solid and once setup properly they have sane defaults on.
Proper & documented setup is key to it.
Considering #Govware like #DUAL_EC_DRBG, #Cisco et al. are banned until they apologize for it x3 the duration it took them.