Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dual Elliptic Curve Deterministic Random Bit Generation 安全漏洞
Vulnerability Description
Dual Elliptic Curve Deterministic Random Bit Generation(Dual_EC_DRBG)是美国国家标准技术研究院(NIST)所研发的一套随机数生成技术标准。该标准主要用在加密工具中,在加密数据时生成随机数。 Dual_EC_DRBG中的NIST SP 800-90A默认配置中存在安全漏洞,该漏洞源于算法中包含的‘point Q’常量可以确定‘万能密钥’值。上下文相关的攻击者可通过已知的值利用该漏洞破坏加密保护机制。
CVSS Information
N/A
Vulnerability Type
N/A