wolfSSL does _not_ implement Dual_EC_DRBG

Hi!  It is rare for a cryptography algorithm to make the pages of the popular press, but Dual_EC_DRBG has done just that!  The best article we`ve seen to date is Kim Zetter`s lucid article in Wired: https://www.wired.com/2013/09/nsa-backdoor/.

For the record, we have never implemented the Dual_EC_DRBG algorithm, nor gone so far as to set it as a default.  See:  http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html

We`re moths to the flame when it comes to alternative and new crypto, as witnessed by our implementations of NTRU, SHA-3, HC-128, and Rabbit.  We like trying new things and then benchmarking them in our test rigs, but on Dual_EC_DRBG, we passed.

All that said, we deliver our products in open source, and you and everyone else are welcome to inspect them.  Our position on our cryptography implementation follows:

1.  We can trace all of our code to a very limited set of developers in our company.  We are open source, but unlike some projects, we tightly control and inspect the code that goes into our mainline.

2.  Our code is vetted out not only by wolfSSL staff, but by a diverse and wide array of people in open source, cryptography, and commercial security companies.  

The above is not true for the OpenSSL project.  As Matthew Green says, OpenSSL is “a patchwork nightmare originally developed by a programmer who thought it would be a fun way to learn Bignum division.* Part of it is because crypto is unbelievably complicated. Either way, there are very few people who really understand the whole codebase.”  See:  http://blog.cryptographyengineering.com/2013/09/on-nsa.html.  Our thoughts on comparing CyaSSL to OpenSSL are here:  https://www.wolfssl.com/how-does-wolfssl-compare-to-openssl/, and here:  https://www.wolfssl.com/openssl-in-devices-gets-cracked-when-trying-to-enhance-randomness-2/

Finally, a comment from Bruce Schneier on staying Secure:  

“Closed-source software is easier for the NSA to backdoor than open-source software. “


We are open source, and we believe in open source.  Open source is the best way to develop, deliver, and support cryptography.  Ipso Facto.  Over and out from team wolfSSL.