NIST finally dumps NSA-tainted random number algorithm

Status
Not open for further replies.

Dima007

Level 23
Thread author
Verified
Well-known
Apr 24, 2013
1,200
NIST (the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce, has formally removed Dual_EC_DRBG from its draft guidance on random number generators.

This is an odd episode, and the oddness seems to have eluded many observers. The outrage switched on late last year when one of the Snowden leaks indicated that the NSA had intentionally inserted weaknesses into a NIST standard for random number generation, a key component of secure cryptography. Sources told Reuters that RSA Security had entered into $10 million of secret contracts with the NSA, a provision of which was to make the weakened algorithm the default choice in their products. RSA denied the charge.

Why this should have surprised anyone is hard to understand. Problems with Dual_EC_DRBG were first reported almost eight years ago and in 2007 Dan Shumow and Niels Ferguson of Microsoft showed, as Bruce Schneier put it at the time, "...the algorithm contains a weakness that can only be described a backdoor." (Schneier's article in Wired is offline for some reason; click here for the Google cache version.)

Read more: http://www.zdnet.com/nist-finally-dumps-nsa-tainted-random-number-algorithm-7000028692/
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top