posted by janrinok on Saturday June 27 2015, @07:17PM
from the I've-been-waiting-5,9,1,2,1,8-days-for-this dept.

In response to public concerns about cryptographic security, the National Institute of Standards and Technology (NIST) has formally revised its recommended methods for generating random numbers, a crucial element in protecting private messages and other types of electronic data. The action implements changes to the methods that were proposed by NIST last year in a draft document issued for public comment.

The updated document, "Recommendation for Random Number Generation Using Deterministic Random Bit Generators," describes algorithms that can be used to reliably generate random numbers, a key step in data encryption.

One of the most significant changes to the document is the removal of the Dual_EC_DRBG algorithm, often referred to conversationally as the "Dual Elliptic Curve random number generator." This algorithm has spawned controversy because of concerns that it might contain a weakness that attackers could exploit to predict the outcome of random number generation. NIST continues to recommend the other three algorithms that were included in the previous version of the Recommendation document, which was released in early 2012.

http://phys.org/news/2015-06-nist-key-random.html

[Source]: http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918489

[Document]: http://dx.doi.org/10.6028/NIST.SP.800-90Ar1 (PDF, 109 Pages)

  • (Score: 4, Interesting) by martyb (76) on Saturday June 27 2015, @07:47PM (#202195)

    According to https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]:

    Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) is an algorithm from the branch of cryptography known as elliptic curve cryptography that implements a cryptographically secure pseudorandom number generator (CSPRNG) capable of generating a random bit stream. The algorithm is based on the mathematics of the elliptic curve discrete logarithm problem (ECDLP). Despite public criticism, it was for some time one of the four (now three) CSPRNGs standardized in NIST SP 800-90A as originally published circa March 2007.

    Weaknesses in the cryptographic security of the algorithm were known and publicly criticised well before the algorithm became part of a formal standard endorsed by the ANSI, ISO, and formerly by the National Institute of Standards and Technology (NIST). One of the weaknesses publicly identified was the potential of the algorithm to harbour a backdoor advantageous to the algorithm's designers—the United States government's National Security Agency (NSA)—and no-one else. In 2013, the New York Times reported that documents in their possession but never released to the public "appear to confirm" that the backdoor was real, and had been deliberately inserted by the NSA as part of the NSA's Bullrun decryption program. In December 2013, a Reuters news article alleged that in 2004, before NIST standardized Dual_EC_DRBG, NSA paid RSA Security $10 million in a secret deal to use Dual_EC_DRBG as the default in the RSA BSAFE cryptography library, which resulted in RSA Security becoming the most important distributor of the insecure algorithm. RSA responded that they "categorically deny" that they had ever knowingly colluded with the NSA to adopt an algorithm that was known to be flawed, saying "we have never kept [our] relationship [with the NSA] a secret".

    Further reading: The Many Flaws of Dual_EC_DRBG [cryptographyengineering.com].

    --
    Wit is intellect, dancing.
  • (Score: 3, Informative) by frojack (1554) on Saturday June 27 2015, @08:31PM (#202210)

    Of course there were a lot of (read: almost all of them) Linux distributions that were well aware of the controversy dating back to the inception of Dual_EC_DRBG and never did turn that option on (it was also dog slow), even when it was used in RSA software.

    Since just about nobody was using Dual_EC_DRBG, the effect of the backdoor was essentially nil [ycombinator.com].

    There are those that suspect pushing an already suspect Dual_EC_DRBG into national standards was merely a diversion, and other weaknesses were known or introduced more subtly.

    --
    No, you are mistaken. I've always had this sig.