GOST in OPENSSL_BASE
Andrey Chernov
ache at freebsd.org
Mon Jul 11 22:35:43 UTC 2016
On 11.07.2016 21:07, Andrei wrote:
> On Mon, 11 Jul 2016 20:09:35 +0300
> Andrey Chernov <ache at freebsd.org> wrote:
>> Unfortunately, it affects normal people and organizations here,
>> including internet providers f.e. and not affects Putin or government
>> in any way. Documents workflow require digital signatures by GOST.
> Maybe russian GOST made with options to decrypt.. Nice backdoor from FSB? ;)
Official documents workflow use GOST signatures for authenticity and
consistency verification, so there is no harm to have FSB backdoor in
the algo, unless some hacker will find it. Just don't use GOST for
something else to stay on safe side.
BTW, latest GOST based on elliptic curves, so from math point of view
probability of having backdoor here is minimal.
See
https://ru.wikipedia.org/wiki/%D0%93%D0%9E%D0%A1%D0%A2_%D0%A0_34.10-2012
You can consider GOST goals are the same as FIPS ones with the reason to
have things "domestically produced".
More information about the freebsd-security
mailing list