Dual_EC_DRBG is actually used in real life products:
> we know the RSA BSAFE library uses Dual_EC_DRBG (...) by default, I would guess that this would be the main vector.
> As for the use of BSAFE, I can easily find (hint: use your favourite search engine to search for the terms "This product includes" "RSA BSAFE") implementations, oddly skewed towards imaging and gaming devices: surprisingly many printer/copier/fax devices use BSAFE, though for unknown purposes. Including Ricoh, Minolta, Océ/Canon, Brother, Fuji/Xerox, Epson ... Your Playstation (PDF), PSP, or your Nintendo DS wifi (PDF) Software from Adobe, Hitachi, Oracle and HP Some Nokia phones(PDF)
Still it's misleading when you present it as something not important "because it's not used"! It is used. You don't give any arguments against that fact. Especially if we're serious about the crypto we shouldn't hand-wave but analyze the existing uses and take the steps to fix the issues.
Your insistence to the approach "nothing to see here move along" even after everything discovered up to now makes me wonder about your motives. Care to explain them? Almost as if there is even more that can be seen if we try to and you want to prevent that.
Can you tell me why I'd care what you think of my motives? The question makes me think less of you already. Maybe we're better off not knowing each other any better.
We as humans try to find the patterns and discover the causes. My question to you was nothing more than the attempt to get the direct information regarding your insistence to the unusual approach (repeating the claims that it's unimportant, ignoring the explicit examples of the uses of the compromised mechanism) to the topic we comment to. My question reflects my (maybe false) belief that there must be a reason for that. I believed it's better asking you directly than trying to devise some theories like some other users already did.
"I'm just questioning your motives. At least I didn't present a fully-formed hypothesis about how evil you were, like everyone else does". Got it.
How about this: if you think I get facts wrong or disagree with my conclusions, you say so. If I'm wrong --- not outside the realm of possibility --- I'll thank you for the correction.
I don't care what you think about my motives and am not interested in discussing that topic.
Dual_EC_DRBG is actually used in real life products:
> we know the RSA BSAFE library uses Dual_EC_DRBG (...) by default, I would guess that this would be the main vector. > As for the use of BSAFE, I can easily find (hint: use your favourite search engine to search for the terms "This product includes" "RSA BSAFE") implementations, oddly skewed towards imaging and gaming devices: surprisingly many printer/copier/fax devices use BSAFE, though for unknown purposes. Including Ricoh, Minolta, Océ/Canon, Brother, Fuji/Xerox, Epson ... Your Playstation (PDF), PSP, or your Nintendo DS wifi (PDF) Software from Adobe, Hitachi, Oracle and HP Some Nokia phones(PDF)