Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption

Cryptographer Announces $12K Bounty to Find the Lost Seeds to 5 NIST Elliptic Curves (filippo.io) 43

Long-time Slashdot reader mejustme writes: The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery."

That's from the blog of Filippo Valsorda, who was in charge of cryptography and security on the Go team at Google until 2022, (and was on the Cryptography team at Cloudflare until 2017). But more importantly, he adds that "I'm announcing a $12,288 bounty for cracking these five hashes, tripled to $36,864 if the recipient chooses to donate it to a 501(c)(3) charity of their choice."

There are hints to which phrase was used as the seed. [Before his death] Dr. Jerry Solinas said he thought he'd used something similar to "Jerry deserves a raise.

This discussion has been archived. No new comments can be posted.

Cryptographer Announces $12K Bounty to Find the Lost Seeds to 5 NIST Elliptic Curves

Comments Filter:
  • by ls671 ( 1122017 ) on Sunday October 08, 2023 @09:48AM (#63909817) Homepage

    Our DB admin passed away so we lost the database admin password.

    • How rude of him.

    • by znrt ( 2424692 ) on Sunday October 08, 2023 @10:05AM (#63909837)

      that seed isn't really relevant, nobody needs to know what it was. what's relevant here is that high order brain activity after death has been demonstrated:

      Dr. Jerry Solinas, passed away in early 2023 ... thinks he used something similar to "Jerry deserves a raise.

      • They must have used a Neuralink then. Interesting feature.

      • They had to get an advanced medium who knows how to do an encrypted channel.

      • that seed isn't really relevant, nobody needs to know what it was. what's relevant here is that high order brain activity after death has been demonstrated:

        Dr. Jerry Solinas, passed away in early 2023 ... thinks he used something similar to "Jerry deserves a raise.

        "The quick round Russian hacker jumped over the lazy System Administrator."

      • that seed isn't really relevant, nobody needs to know what it was. what's relevant here is that high order brain activity after death has been demonstrated:

        Dr. Jerry Solinas, passed away in early 2023 ... thinks he used something similar to "Jerry deserves a raise.

        Funny, but the actual point here is to see if they were really seeded from something not carefully selected to have a back door.

        There has long been a vague suspicion that the NIST elliptic curves are backdoored, that the values were chosen very specifically to exploit some subtle mathematical structure the NSA knows about, allowing it to defeat the security of the curves when it chooses to. If the values instead turn out to be something like SHA1("Jerry deserves a raise") then we'll have pretty strong evi

      • It's OK, before he died he said he'd have a USB key flown to me with the seeds on it. He entrusted it to some caterer he knew, Yevgeny Pritkin or something, he was going to deliver it via his private Embraer Legacy 600.

    • Passwords like that should always be written down, placed in a sealed envelope and stored in a safe location. One good way is to have the company's attorney keep it in his safe. Another is to put it in a safe deposit box with the key held by somebody trusted, such as that attorney.
  • Was going to be, "Jerry's not here right now [clip.cafe]" which is a phrase from the movie 40 Days and 40 Nights [imdb.com], but the movie came out in 2002, so after the seeds were created.

    As a side note, considering how often we talk about backups, did it never occur to someone, even Jerry, that those seeds should be recorded somewhere? As one of the first posts relates, if something happens to someone who has all the keys, and nothing is written down, you're locked out.

    • by dknj ( 441802 )

      could be recorded somewhere

      Do you have a posthumous plan for your shared keys? Didn't think so. Once you die, your next of kin will probably just format your hard drives once they figure out the wifi password

      • 1) I have no next of kin.

        2) My current kin have no idea how to format anything.

        3) I have written down all the passwords for my accounts, banking or otherwise, and have a duplicate copy.

        Next question?

        • by pjt33 ( 739471 )

          If you have current kin, you have next of kin. It doesn't mean descendants: it means the nearest relative(s).

        • by XXongo ( 3986865 )

          1) I have no next of kin.

          Everyone has next of kin, unless they were spawned by spontaneous generation.

          What you must mean is "I don't know who my next of kin is."

          • Example: Single child, never married, is of old age, passed away parents had no brothers or sisters, etc.
            Of course, technically everyone in the world has a very distant "next of kin". Figuring out exactly who that is could be practically impossible.

            • Figuring out exactly who that is could be practically impossible.

              We are not in Medieval Europe during the Dark Ages. Unless someone has zero records everywhere, it is not impossible especially in an era where entire family genealogies and government records are online. Realistically if deceased person has no identity, it would be harder but DNA is increasingly overcoming that obstacle.

            • by DarkOx ( 621550 )

              believe it or not the probate courts will in many cases walk up the family tree quite a bit it depends a lot on state law. Those movies where someone finds out their distant cousin they never knew about passed away and they are to inherit the farm stead are not entirely fictional.

              In some parts of the country it is a big problem because certain classes of individuals with lower literacy rates tended have property go in probate more often and again due to a period where human property was a thing here in the

    • by ceoyoyo ( 59147 )

      It's not a key, it's a seed used to generate a key. Do you know the seed you used to generate your SSH keys?

  • by dfm3 ( 830843 ) on Sunday October 08, 2023 @11:15AM (#63909931) Journal
    SEED = SHA1("Be sure to drink your Ovaltine.")
  • There's no value in recreating these values. Seriously, none. The best case scenario is wasting a huge amount of resources (electricity and brainpower) and finding the pre-seed which some folks will only take as evidence of being spiked. The worst case scenario is wasting a huge amount of resources and not find it, thereby fueling suspicions even more than before. There is no winning.

    The ONLY way to eliminate uncertainty is to switch to using a set of impossible to spike (e.g. the first X digits of the cube

    • There's no value in recreating these values. Seriously, none.

      I'm guessing you're not big on museums then.

  • "The Magic Words are Squeamish Ossifrage"
  • because there is no way they passed up that temptation.
  • Food for thought.

  • Tainted with NSA involvement like with Dual_EC_DRBG.

    And then they lack a sound rubric or evidence for construction of cryptographic primitives. NIST has gone full Idiocracy.

You are always doing something marginal when the boss drops by your desk.

Working...