Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They did have a backdoor in the Dual_EC_DRBG PRNG algorithm that was widely used. It's not a major operating system, but it was used in a lot of products.

https://en.wikipedia.org/wiki/Dual_EC_DRBG



There are diffeeent levels of ethics in hacking:

1) finding a bug and notifying the company

2) finding a bug and releasing/selling

3) finding a bug and using it

4) intentionally adding bugs to software without notifying anyone

5) intentionally adding bugs to software and claiming it's secure

This was level 5


You could potentially argue it's even worse. They paid RSA to intentionally add a bug so they can't be directly blamed for it.


finding a bug and releasing it, and finding a bug and selling it are hardly equivilent.


> NSA had worked during the standardization process to eventually become the sole editor of the Dual_EC_DRBG standard,

Yes that was a devilishly well executed backdoor, on so many levels.


Mostly on the political level; it was considered suspect by serious cryptographers essentially as soon as it was introduced.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: