Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 Jul 2016 01:35:33 +0300
From:      Andrey Chernov <ache@freebsd.org>
To:        Andrei <az@azsupport.com>, freebsd-security@freebsd.org
Subject:   Re: GOST in OPENSSL_BASE
Message-ID:  <15c796c8-6512-da19-7155-81fc4a1bb424@freebsd.org>
In-Reply-To: <20160711200754.5abf2ae3@azsupport.com>
References:  <20160710133019.GD20831@zxy.spb.ru> <f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org> <20160710150143.GK46309@zxy.spb.ru> <cb12083d-445a-ea19-5538-d670a89fcc6d@freebsd.org> <9ead7cd7-7d1b-2dd8-eea8-43f7766d92a9@freebsd.org> <d4329543-0503-cfc0-eb17-378d561d4c0f@freebsd.org> <20160711102906.GN46309@zxy.spb.ru> <1468253073.695754.662984777.1E8F9C28@webmail.messagingengine.com> <20160711163934.GD95302@home.opsec.eu> <20160711185409.640b2d4d@azsupport.com> <ff8156f0-720f-6ff6-559e-836905492746@freebsd.org> <20160711200754.5abf2ae3@azsupport.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 11.07.2016 21:07, Andrei wrote:
> On Mon, 11 Jul 2016 20:09:35 +0300
> Andrey Chernov <ache@freebsd.org> wrote:
>> Unfortunately, it affects normal people and organizations here,
>> including internet providers f.e. and not affects Putin or government
>> in any way. Documents workflow require digital signatures by GOST.

> Maybe russian GOST made with options to decrypt.. Nice backdoor from FSB? ;) 

Official documents workflow use GOST signatures for authenticity and
consistency verification, so there is no harm to have FSB backdoor in
the algo, unless some hacker will find it. Just don't use GOST for
something else to stay on safe side.

BTW, latest GOST based on elliptic curves, so from math point of view
probability of having backdoor here is minimal.
See
https://ru.wikipedia.org/wiki/%D0%93%D0%9E%D0%A1%D0%A2_%D0%A0_34.10-2012
You can consider GOST goals are the same as FIPS ones with the reason to
have things "domestically produced".




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15c796c8-6512-da19-7155-81fc4a1bb424>