The National Institute of Standards and Technology (NIST) announced the initiation of an independent panel review of the institute’s cryptographic standards and guidelines program to assess the existing cryptographic standards and guidelines as well as the processes used in their developed in the aftermath of the NSA revelations.
NIST’s primary advisory committee, the Visiting Committee on Advanced Technology (VCAT), will coordinate the review by a panel of experts including Vint Cerf of Google, Edward Felten of Princeton University, Steve Lipner of Microsoft Corporation, Bart Preneel of Katholieke Universiteit Leuven, Ellen Richey of Visa Inc., Ron Rivest of the Massachusetts Institute of Technology (MIT), and Fran Schrotter of the American National Standards Institute (ANSI).
“Our mission is to protect the nation’s IT infrastructure and information by promoting strong cryptography. We look forward to the VCAT’s review to help ensure we have the most transparent and effective process for doing that,” said Under Secretary of Commerce for Standards and Technology and NIST Director Patrick D. Gallagher.
NIST recently made the decision to abandon a controversial cryptographic algorithm used for random number generation in the wake of allegations that the NSA may have weakened the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) for the benefit of their surveillance activities.
Based on concerns over the algorithm, NIST late last year had commenced a public comment period on the embattled algorithm so that researchers could further examine the encryption standard and its overall reliability.
NIST officially announced the decision to remove the cryptographic algorithm from its revised guidance on random number generators provided in the Recommendation for Random Number Generation Using Deterministic Random Bit Generators (NIST Special Publication 800-90A, Rev. 1).
“The expert panel will review NIST’s current processes as described in NIST IR 7977, the public comments and NIST cryptographic materials, such as standards and guidelines, and may seek input from other experts. Panel members will provide individual assessments to the VCAT Subcommittee on Cybersecurity, which will report its findings and any recommendations to the full VCAT,” NIST said in a statement.
“The subcommittee will provide an update on its progress on June 11, 2014, at the next VCAT meeting. Upon reviewing the expert assessments and the proposed recommendations of the subcommittee, the VCAT will issue its recommendations to NIST. The reports from the panel members, subcommittee and VCAT will be available at www.nist.gov/director/vcat/.”
Last September, security firm RSA sent an advisory to their developer customers warning against use of a toolkit that employs an NIST encryption algorithm by default that is suspected to have been “backdoored” by the NSA, and in October secure global communications provider Silent Circle announced they would replace NIST cipher suites in their products.
Read More Here…