Dan Shumow

Last updated March 21, 2025

This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these messages)

This biography of a living person needs additional citations for verification . Please help by adding reliable sources. Contentious material about living persons that is unsourced or poorly sourced must be removed immediately from the article and its talk page, especially if potentially libelous.
Find sources: "Dan Shumow" – news · newspapers · books · scholar · JSTOR (January 2017) ( Learn how and when to remove this message )

The topic of this article may not meet Wikipedia's notability guideline for biographies . Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted.
Find sources: "Dan Shumow" – news · newspapers · books · scholar · JSTOR (June 2023) ( Learn how and when to remove this message )

( Learn how and when to remove this message )

Dan Shumow is a cryptographer working at Microsoft Research.

At the CRYPTO 2007 conference rump session, Dan Shumow and Niels Ferguson presented an informal paper describing a kleptographic backdoor in the NIST specified Dual_EC_DRBG cryptographically secure pseudorandom number generator.^[1] The backdoor was confirmed to be real in 2013 as part of the Edward Snowden leaks.

Dan Shumow co-authored an algorithm for detecting SHA-1 collisions with Marc Stevens, prior to the demonstration of a SHA-1 collision.^[2]

In 2024, Dan Shumow co-authored a paper^[3] described an attack against the RADIUS protocol, allowing a man-in-the-middle able between client and server to forge a valid protocol accept message in response to a failed authentication request.

References

↑ Shumow, Dan; Ferguson, Niels. "On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng" (PDF).
↑ "SHAttered". shattered.io.
↑ "blastradius attack".

External links

Dan Shumow - Microsoft Research

Microsoft Research (MSR)

Main
projects

Languages, compilers	Bartok Bosque Cω F* Lean P Project Verona Phoenix Polyphonic C# SecPAL
Distributed–grid computing	BitVault Confidential Consortium Framework DeepSpeed Orleans
Internet, networking	AjaxView Avalanche Conference XP Gazelle HoneyMonkey Penny Black Wallop WikiBhasha
Other projects	Automatic Graph Layout Cognitive Toolkit Digits Holoportation IllumiRoom Image Composite Editor Infer.NET LightGBM LiveStation MyLifeBits Neural Network Intelligence NodeXL OneFuzz PhotoDNA SEAL SLAM T2 Temporal Prover WorldWide Telescope Z3 Theorem Prover
Operating systems	Barrelfish HomeOS Midori Singularity Verve
APIs	Accelerator Dryad Joins mimalloc
Launched as products	C# Comic Chat Detours F# Sideshow PixelSense (TouchLight) SenseCam ClearType Group Shot Allegiance TrueSkill Songsmith Xbox Kinect

MSR Labs
applied
research

Live Labs

Current	Pivot Seadragon Deep Zoom
Discontinued	Deepfish Listas Live Clipboard Photosynth

FUSE Labs

Other labs