Elliptical Curveball
in CodeSOD on 2015-12-07
Why is it that you hear people saying, “don’t roll your own crypto”? It can’t be that bad, right? I mean, if the code gives the correct outputs when given the correct inputs?
Everything in cryptography depends upon “high quality” random numbers, and lots of them. People get into semi-informed flamewars about what “entropy” means, government agencies sneak backdoors into algorithms, performance matters, secrecy matters, and unpredictability matters. The standard that defines four randomness generators is NIST Special Publication 800-90. One of the four, Dual_EC_DRBG, raised suspicions because it was three times slower than any of the others.