

RSA can be used for asymmetric encryption and for digital signatures. A PRNG produces an endless stream of unpredictable bits; this is something that RSA does not do.

Now what is the source of the confusion? It is twofold:

An asymmetric cryptographic algorithm uses keys that must be randomly generated at some point; the key generation algorithm requires a stream of random bits to work over, normally supplied by a cryptographically strong PRNG (so potentially Dual_EC_DRBG, or just any other PRNG).

One software vendor who implemented Dual_EC_DRBG and supplied it to its customers was RSA Security. That company is called "RSA" because it was founded by Rivest, Shamir and Adleman, the three researchers who also invented the asymmetric algorithm RSA and named it that way for exactly the same reason. Basically, Rivest is called Rivest when he invents cryptographic algorithms, and he is still called Rivest when he founds companies. Anyway, they sold the company two decades ago.

The bottom line is that RSA, the asymmetric algorithm, is in no way "backdoored". What can be backdoored is the PRNG used in a specific implementation of the key pair generation algorithm. But if you use Dual_EC_DRBG to generate an ElGamal key pair, then you are equally hosed. Therefore, the existence of a poor, weak PRNG is in no way a reason to prefer ElGamal over RSA. (If we want to nitpick, it goes the other way round: the known backdoor in Dual_EC_DRBG is easier to leverage if Dual_EC_DRBG was used to produce an ElGamal key than an RSA key. But in all generality, if your key generation tool uses a deliberately weak PRNG, then you lose.)
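To make concrete the point that what can be backdoored is the PRNG feeding key generation and not RSA itself, here is an added example (not code from the original answer or from any real library). It uses textbook RSA key generation with a pluggable bit source; the function names, the seed value and the use of Python's seedable `random.Random` as a stand-in for a generator whose state is known to a third party are all assumptions made for illustration.

```python
import random
import secrets

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (adequate for a demo, not for production)."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, getrandbits):
    """Draw odd, full-length candidates from the bit source until one is prime."""
    while True:
        c = getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def rsa_keygen(bits, getrandbits, e=65537):
    """Textbook RSA key generation: every secret value comes from getrandbits."""
    while True:
        p, q = gen_prime(bits // 2, getrandbits), gen_prime(bits // 2, getrandbits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}

def demo(bits=512, seed=0xC0FFEE):
    """seed is a constructed value standing in for generator state known to a third party."""
    generated = rsa_keygen(bits, random.Random(seed).getrandbits)
    replayed = rsa_keygen(bits, random.Random(seed).getrandbits)  # same stream, same key
    strong = rsa_keygen(bits, secrets.SystemRandom().getrandbits)  # OS CSPRNG
    return generated, replayed, strong

if __name__ == "__main__":
    g, r, s = demo()
    print("replayed private exponent matches:", g["d"] == r["d"])
    print("OS-CSPRNG key differs:", s["n"] != g["n"])
```

The RSA arithmetic is identical in all three calls; only the bit source changes, which is why auditing a key generation tool means auditing where its randomness comes from.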

