NIST drops NSA-backed algorithm from encryption recommendations
Posted on 23 April 2014.
"Following a public comment period and review, the National Institute of Standards and Technology (NIST) has removed a cryptographic algorithm from its draft guidance on random number generators," the organization has announced.

The cryptographic algorithm in question is the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), the trustworthiness of which was put into question by last year's revelation that the NSA has influenced the NIST and the International Organization for Standardization to adopt it as part of an encryption standard. The Dual_EC_DRBG, it was revealed, had a weakness known at the time only to the intelligence agency.

NIST has reacted to this by reopening the public comment period for the standard that included the algorithm and the drafts of several others, saying that if vulnerabilities are found in these or any other NIST standards, they will work with the cryptographic community to address them as quickly as possible.

While is yet to definitely and permanently implement the change in the final version of the document (Recommendation for Random Number Generation Using Deterministic Random Bit Generators), they have already decided to remove the algorithm based on their own evaluation, but also on the loss of trust by the public.

"NIST recommends that vendors currently using Dual_EC_DRBG who want to remain in compliance with federal guidance, and who have not yet made the previously recommended changes to their cryptographic modules, should select an alternative algorithm and not wait for further revision of the Rev. 1 document," they concluded, adding that federal agencies should make sure to ask vendors if their cryptographic modules rely on Dual_EC_DRBG, and to ask them reconfigure those products to use alternative algorithms if they do.

Alternative random number generators that will continue to be backed by NIST are Hash_DRBG, HMAC_DRBG, and CTR_DRBG.

The institute has also provided a helpful list of cryptographic modules and details about the random number generator(s) they use.









Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //