Skip to content ↓ | Skip to navigation ↓

The National Institute of Standards and Technology (NIST) has made the decision to abandon a controversial cryptographic algorithm used for random number generation in the wake of allegations that the National Security Agency may have weakened the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) for the benefit of their surveillance activities.

Based on concerns over the algorithm, NIST had recently commenced a public comment period on the embattled algorithm so that researchers could further examine the encryption standard and its overall reliability.

“We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place. NIST would not deliberately weaken a cryptographic standard,” NIST officials stated previously. “If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible.”

NIST has officially announced the decision to remove the cryptographic algorithm from its revised guidance on random number generators provided in the Recommendation for Random Number Generation Using Deterministic Random Bit Generators (NIST Special Publication 800-90A, Rev. 1).

“The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data,” NIST stated. “It omits an algorithm known as Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible.”

The organization made the decision after strong suspicion that the NSA “backdoored” the random bit generator by weakening the encryption process, leaving NIST is in the awkward position of having to announce that they could not endorse their own encryption standard anymore because “recent community commentary has called into question the trustworthiness of these default elliptic curve points.”

Last September, security firm RSA sent an advisory to their developer customers warning against use of a toolkit that employs an NIST encryption algorithm by default that is suspected to have been “backdoored” by the NSA, and in October secure global communications provider Silent Circle announced they would replace NIST cipher suites in their products.

“This doesn’t mean we think that AES is insecure, or SHA–2 is insecure, or even that P–384 is insecure. It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA’s perfidy, along with the rest of the free world. For us, the spell is broken. We’re just moving on. No kiss, no tears, no farewell souvenirs,” wrote Silent Circle co-founder John Callas of the decision.

Read More Here…

10 Ways Tripwire Outperforms Other Cybersecurity Solutions
  • eddiebates23

    Americans Right to Privacy has solutions and I am anxious to share them with you. We offer secure, encrypted email, a Virtual Private Network (VPN) which secures your computer's internet connection, to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes. Also a "Swiss Bank Account for your Data" Digital Safe! And we have rolled out Secure Swiss Web Hosting! Why secure your data in Switzerland? Because Switzerland is known for its strict data privacy laws, has no back door access to encryption for any government agency, not even Switzerland itself
    We offer a professional global email service solution for both personal and business use. PrivacyAbroad email service is free of advertising, SPAM and provides private communication with your emails saved and backed up in Switzerland, renowned for its strong data privacy protection laws. Email comes with 1 GB of expandable storage space.
    If governments and "free" email providers can peek through your webcam, read your emails and look inside
    your computer, so can the criminals.
    There is data security, and then there is Swiss data security.

<!-- -->