Lunduke drinks the kool-aid, declares HTTPS dangerous

It was open sourced from the start. There wasn’t a closed-source period and then open sourcing. It was dick swinging in the wind to start with? Make up something creative for SyFy.

To build upon this, Dual_EC_DRBG was also developed by the NSA. We found out in 2013 that it was backdoored. But as far back as 2006, security researchers were side-eyeing it. Why aren’t they side-eyeing SHA?

But whatever the case may be,

Congratulations, you found the one accurate thing he said in the video. But are you really going to try and use additional conspiracy theories to dispute my point that Lunduke is indeed saying that HTTPS is compromised without a shred of actual evidence? You don’t have a leg to stand on here.

Also to follow up on one of my “as I recall” statements…

If the NSA did indeed insert a backdoor into SP 800-90, it was a peculiar effort. Of the 401 validated implementations of SP 800-90, only 66 even implement the algorithm. While implementations of it do exist in common software—Microsoft added it to Windows Vista Service Pack 1, for example, and it can be found in OpenSSL and many Java libraries too—its slow performance means that it isn’t ever likely to be a popular choice. Combined with the concerns about bias—known before the SP 800-90 was finalized—and the worries about NSA backdooring, and users are likely to be few and far between.

Emphasis mine. So it looks like I may be a little right and a little wrong. If I’m understanding correctly, it sounds like of the 401 implementations that NIST knows about, 66 went through with the actual implementation. As noted in the second bolded section, not all implementations are created equal. Meaning an implementation of the compromised RNG in Bob’s SSL Package has a significantly smaller chance of any serious impact than an implementation in OpenSSL.

Edit:

Yup. Toward the end of the video, he gets real proud of his site that doesn’t use encryption. :expressionless:

2 Likes

I won’t repeat what @Marten said above which is correct.

You should read the thread, as we went over this area. The NSA is a multi-functional organisation, just like many are: they may make spy software, but they also help make security software for the US gov. There is a reason NIST is fairly highly recognised and that these protocols and standards are put into FIPS etc.

Edit: Jumping on the “NSA are the devil” bandwagon because of one aspect of their work is poor, and leads to the kind of ill-researched videos that Lunduke has made here.

Note that no one either is saying the NSA are all good or don’t do shady things.

6 Likes

You guys are probably right. I need some time to read up on HTTPS and SHA.

2 Likes

Considering it takes one command to enable encryption, and that if you wanted to you could put an explanation on your site about what it actually does and doesn’t protect, that’s just poor, poor work.

There are good and bad things about HTTPS; he never really mentioned any of them. It’s a missed opportunity.

4 Likes

Jesus this went up 50 posts in 1 morning.

Guys, there’s no conversation here. Lunduke has lost it, crypto is important, leave it alone.

2 Likes

Apparently we do. @Tub isn’t the only person thinking concrete mathematical encryption with viewable code is somehow magically compromised by the spooky NSA, he’s just vocal.

If you have followed Lunduke long enough, you know he is saying these things and making clickbait not to say he is right, but to make you think about the subject. Talk about the subject.

Blind trust is shitty policy for our internet safety.
He even stated that there will be heated arguments in the comments. He is fishing for discussion.

Yes, HTTPS might be the thing to do and use today, but I hope this will invoke a better future with more secure solutions.

2 Likes

Yet Lunduke blindly trusts open source? Trusts that everyone else is checking the code?

Well, your ISP can data mine you on the sites you visit, not what you did there.

1 Like

I knew that.

But not this:

Fortunately, no one is blindly trusting HTTPS or any of its underpinnings. We are indeed listening to security researchers.

The trust isn’t blind when the code is open sourced. By that train of thought, using any operating system at all is blind trust… doing anything at all on the internet is blind trust.

@Goalkeeper Correct, and if you use a separate DNS server outside of your ISP they can’t see what website you’re visiting either, unless they’re sniffing DNS traffic. HTTPS encrypts the webpages completely so only you can see what you’re seeing.

2 Likes

True, a VPN hides even the sites you visit from your ISP, hence why they can’t throttle Netflix when you are on a VPN.

This tech is all open source and hence checked and is thumbs up good. White hat hackers are all over open source keeping it real.

If he had to make a response video, I am not sure if “Blind trust” is the point he is trying to make or that he was fishing the discussion in general.

Although that’s an interesting prospect if that were the case, because of his choice of topics: HTTPS being dangerous (which I don’t think is true, especially not now), and Tech Religion, where people get overzealous about tech companies or technologies. Like how some are overzealous for Open Source Software. Or how some are overzealous about Microsoft (trust me, they exist alright, I argued with a dolt on that minutes ago) or Apple, Google, etc. That they can “do no wrong” with no explanation.

2 Likes

That is true, but it isn’t easy to be snooping without getting caught with Open Source software like HTTPS; they would be way better off getting in bed with tech companies like Microsoft or Google if they wanted to do that.

Even so, they should not be able to unless they have probable cause.

This isn’t what he thinks, he says as much in his new video.

1 Like

In other words, the very same thing.

In his new video he says how he didn’t expect anything from it and that he thought it was boring. (Though who’s to say if that’s true, or just for the video.)

1 Like

I think he explains the previous video fairly well here: to raise discussion. Even one of the background texts is:
"If we can’t openly criticize a communication protocol… we suck as nerds!"
And there is the spice in that short text too :wink: if you have listened to the videos, you know what I mean.

So much rage with the kool-aid :smiley:

1 Like

Feel free to openly criticize a communication protocol. But if you’re not basing that criticism on facts, expect to be lambasted for it.

9 Likes