PS3

I apologise for lack of content on this blog recently. I need to give some people a kick, so they start writing. In the meantime, here is some old “news”.

I am often asked: Can you name some commercial products which use ECC?

I usually answer: I don’t know.

But I know something: Sony uses ECDSA (elliptic curve digital signatures) for the playstation 3 as a way to authenticate software.

Unless you’ve been living under a rock, you will already know that Sony did not implement ECDSA properly (from what I have read, Sony used a fixed value in place of one that was supposed to be random for all signatures, leading to a standard textbook key-recovery attack). As a result, some hackers posted the private key for the signature scheme. Sony are responding in the expected way.

— Steven Galbraith

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to PS3

  1. David Jao says:

    OpenSSH 5.7, released on January 24, 2011, adds support for ECDH/ECDSA key exchange (http://openssh.com/txt/release-5.7). I suppose OpenSSH itself may not exactly count as commercial, but (as free software) it is certainly used in a lot of commercial products, and in fact its market share far exceeds that of the original, commercial SSH program published by Tectia.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s