Date: Tue, 12 Jul 2016 01:35:33 +0300 From: Andrey Chernov <ache@freebsd.org> To: Andrei <az@azsupport.com>, freebsd-security@freebsd.org Subject: Re: GOST in OPENSSL_BASE Message-ID: <15c796c8-6512-da19-7155-81fc4a1bb424@freebsd.org> In-Reply-To: <20160711200754.5abf2ae3@azsupport.com> References: <20160710133019.GD20831@zxy.spb.ru> <f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org> <20160710150143.GK46309@zxy.spb.ru> <cb12083d-445a-ea19-5538-d670a89fcc6d@freebsd.org> <9ead7cd7-7d1b-2dd8-eea8-43f7766d92a9@freebsd.org> <d4329543-0503-cfc0-eb17-378d561d4c0f@freebsd.org> <20160711102906.GN46309@zxy.spb.ru> <1468253073.695754.662984777.1E8F9C28@webmail.messagingengine.com> <20160711163934.GD95302@home.opsec.eu> <20160711185409.640b2d4d@azsupport.com> <ff8156f0-720f-6ff6-559e-836905492746@freebsd.org> <20160711200754.5abf2ae3@azsupport.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11.07.2016 21:07, Andrei wrote: > On Mon, 11 Jul 2016 20:09:35 +0300 > Andrey Chernov <ache@freebsd.org> wrote: >> Unfortunately, it affects normal people and organizations here, >> including internet providers f.e. and not affects Putin or government >> in any way. Documents workflow require digital signatures by GOST. > Maybe russian GOST made with options to decrypt.. Nice backdoor from FSB? ;) Official documents workflow use GOST signatures for authenticity and consistency verification, so there is no harm to have FSB backdoor in the algo, unless some hacker will find it. Just don't use GOST for something else to stay on safe side. BTW, latest GOST based on elliptic curves, so from math point of view probability of having backdoor here is minimal. See https://ru.wikipedia.org/wiki/%D0%93%D0%9E%D0%A1%D0%A2_%D0%A0_34.10-2012 You can consider GOST goals are the same as FIPS ones with the reason to have things "domestically produced".
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15c796c8-6512-da19-7155-81fc4a1bb424>