http://gcn.com/articles/2013/09/17/nist-cryptography-standard.aspx
By Kevin McCaney
GCN.com
Sep 17, 2013
While the National Institute of Standards and Technology reopens public
review of several of its cryptographic standards, it is "strongly"
advising against using one of the standards for elliptic curve
cryptography -- a standard that cryptographers have long suspected
contained a back door, whether it was put there intentionally or not.
The standard in question, known as Dual_EC_DRBG, is included in Special
Publication 800-90A, one of three publications NIST has reopened in wake
of reports that the National Security Agency had tampered with their
development. Although the initial reports in the Guardian, New York Times
and ProPublica, based on the Snowden documents, didn’t say which standard
or standards had been compromised, the Times subsequently reported that
NSA had installed a back door in Dual_EC_DRBG during its development. NIST
adopted the standard in 2006.
Dual_EC_DRBG -- full name Dual Elliptic Curve Deterministic Random Bit
Generation -- is one of four algorithms included in SP 800-90A. The others
are based on hashing, block cypher encryption and hash message
authentication code (HMAC). SP 800-90A is titled Recommendations for
Random Number Generation Using Deterministic Random Bit Generators. The
other publications being reopened are 800-90B, which addresses entropy
sources in random bit generators, and 800-90C, which addresses random bit
generator constructions.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
