In response to public concerns about cryptographic security, the National Institute of Standards and Technology (NIST) has formally revised its recommended methods for generating random numbers, a crucial element in protecting private messages and other types of electronic data. The action implements changes to the methods that were proposed by NIST last year in a draft document issued for public comment.
The updated document, "Recommendation for Random Number Generation Using Deterministic Random Bit Generators," describes algorithms that can be used to reliably generate random numbers, a key step in data encryption.
One of the most significant changes to the document is the removal of the Dual_EC_DRBG algorithm, commonly called the "Dual Elliptic Curve random number generator." This algorithm has spawned controversy because of concerns that it might contain a weakness that attackers could exploit to predict the outcome of random number generation. NIST continues to recommend the other three algorithms (Hash_DRBG, HMAC_DRBG and CTR_DRBG) that were included in the previous version of the Recommendation document, which was released in early 2012.
http://phys.org/news/2015-06-nist-key-random.html
[Source]: http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918489
[Document]: http://dx.doi.org/10.6028/NIST.SP.800-90Ar1 (PDF, 109 Pages)
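The weakness the summary alludes to is not that the outputs look biased; it is that whoever chose the two curve points P and Q can pick them so that P = e*Q for a scalar e only they know, and that e turns a single truncated output block into the generator's next internal state (the observation Shumow and Ferguson made public in 2007). The following is an added example, not code from the article, from NIST or from any Dual_EC implementation: it runs the Dual_EC_DRBG structure on a constructed toy curve over GF(2**32 - 5) with made-up points, a made-up trapdoor scalar and a made-up seed, and truncates 4 bits instead of the real 16, so that the state-recovery loop stays tiny. None of the constants are the SP 800-90A parameters.

```python
"""Toy Dual_EC_DRBG and the trapdoor that lets its designer predict outputs.

Constructed example: a small curve over GF(2**32 - 5), NOT the NIST P-256
points from SP 800-90A. Only the *structure* of the generator follows
Dual_EC_DRBG:
    s_i   = x(s_{i-1} * P)        # state update
    r_i   = x(s_i * Q)            # output block
    out_i = r_i with its top TRUNC_BITS bits dropped
If the party that picked the points knows e with P = e * Q, two output blocks
are enough to recover the state and predict every block that follows.
"""

P_MOD = 2**32 - 5          # prime, and 3 mod 4 so sqrt is one exponentiation
A, B = 1, 7                # y^2 = x^3 + A*x + B; 4A^3 + 27B^2 != 0 mod P_MOD
X_BITS = 32
TRUNC_BITS = 4             # real Dual_EC drops 16 of 256 bits; 4 keeps loop tiny
KEEP_MASK = (1 << (X_BITS - TRUNC_BITS)) - 1


def ec_add(p1, p2):
    """Affine point addition on the toy curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:      # p1 == -p2
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """A curve point with x-coordinate x, or None if x^3+Ax+B is a non-residue."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None


def x_of(pt):
    if pt is None:
        raise ValueError("hit the point at infinity; choose other toy constants")
    return pt[0]


# Designer-chosen points (constructed here). Q is the first liftable x >= 2;
# P = e*Q with e the trapdoor. Users of the generator see P and Q, never e.
Q = next(pt for pt in map(lift_x, range(2, 1000)) if pt is not None)
E_TRAPDOOR = 0x2B7E1516     # made-up secret scalar
P_POINT = ec_mul(E_TRAPDOOR, Q)


def output_block(state):
    return x_of(ec_mul(state, Q)) & KEEP_MASK


def dual_ec_step(state):
    """One generator call: returns (new_state, truncated output block)."""
    new_state = x_of(ec_mul(state, P_POINT))
    return new_state, output_block(new_state)


def recover_state(out1, out2, trapdoor):
    """Attacker sees out1 and out2 and knows trapdoor. For each way to fill in
    the dropped bits of out1, lift to a point R = +/- s1*Q; then
    trapdoor*R = +/- s1*P, whose x-coordinate is s2 (x ignores the sign).
    out2 confirms the guess. Returns s2, or None when no guess matches,
    which is what anyone without the real e gets."""
    for hi in range(1 << TRUNC_BITS):
        r = (hi << (X_BITS - TRUNC_BITS)) | out1
        if r >= P_MOD:
            continue
        R = lift_x(r)
        if R is None:
            continue
        cand = ec_mul(trapdoor, R)
        if cand is not None and output_block(cand[0]) == out2:
            return cand[0]
    return None


def demo(seed=0x0BADF00D):
    """Run the generator for three blocks; predict the third from the first two."""
    s1, out1 = dual_ec_step(seed)
    s2, out2 = dual_ec_step(s1)
    s3, out3 = dual_ec_step(s2)
    recovered = recover_state(out1, out2, E_TRAPDOOR)
    predicted = dual_ec_step(recovered)[1] if recovered is not None else None
    return {"true_state": s2, "recovered_state": recovered,
            "actual_next_block": out3, "predicted_next_block": predicted,
            "without_trapdoor": recover_state(out1, out2, E_TRAPDOOR ^ 0x5A5A)}


if __name__ == "__main__":
    print(demo())
```

The cost of the recovery is one scalar multiplication per way of filling in the dropped bits, so the real generator's 16-bit truncation means at most 2^16 point multiplications, which is trivial; a generator that discarded far more of each x-coordinate would have made the enumeration expensive, and a Q whose discrete logarithm to P nobody knows would have made it impossible. Without e the same loop (the `without_trapdoor` entry) finds nothing, which is exactly why the concern was never about the output statistics but about who generated the published points.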
(Score: 4, Interesting) by martyb on Saturday June 27 2015, @07:47PM
According to https://en.wikipedia.org/wiki/Dual_EC_DRBG [wikipedia.org]:
Further reading: The Many Flaws of Dual_EC_DRBG [cryptographyengineering.com].
Wit is intellect, dancing.
(Score: 3, Informative) by frojack on Saturday June 27 2015, @08:31PM
Of course there were a lot of (read: almost all of them) Linux distributions that were well aware of the controversy dating back to the inception of Dual_EC_DRBG and never did turn that option on (it was also dog slow), even when it was used in RSA software.
Since just about nobody was using Dual_EC_DRBG, the effect of the backdoor was essentially nil [ycombinator.com].
There are those who suspect pushing an already suspect Dual_EC_DRBG into national standards was merely a diversion, and other weaknesses were known or introduced more subtly.
No, you are mistaken. I've always had this sig.