Slashdot Mirror

← Back to Stories (view on slashdot.org)

New NSA-Approved Encryption Standard May Contain Backdoor

Posted by Zonk on from the find-out-by-knocking dept.

Hugh Pickens writes "Bruce Schneier has a story on Wired about the new official standard for random-number generators the NIST released this year that will likely be followed by software and hardware developers around the world. There are four different approved techniques (pdf), called DRBGs, or 'Deterministic Random Bit Generators' based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. In a presentation at the CRYPTO 2007 conference (pdf) in August, Dan Shumow and Niels Ferguson showed that there are constants in the standard used to define the algorithm's elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

4 of 322 comments (clear)

  1. One wonders what we can ever do right by bogaboga · · Score: 0, Offtopic

    he generator based on elliptic curves called Dual_EC_DRBG has been has been championed by the NSA and contains a weakness that can only be described a backdoor.

    As a person, I am not very surprised. Software can be hard to develop. But on the other hand, I wonder what we as a nation (USA) can ever get right.

    When I thought we had [finally] got the Boeing 787 Dreamliner right, I was informed the execution of the whole project was flawed.

    Result? The plane will be delayed by more than 6 months, not to mention that a big chunk of the plane is manufactured abroad. I continue to be disappointed.

    1. Re:One wonders what we can ever do right by Shakrai · · Score: 0, Offtopic

      How about the F16 it has never been shot down.

      Uhh, ya wanna rethink that?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:One wonders what we can ever do right by Shakrai · · Score: 1, Offtopic

      But in a dog fight the F-15 does quite well

      Yes, the F-15 has never been defeated in air to air combat. It's also never faced an opponent remotely close to it's own technological level. Nor has it ever faced a foe as well trained as the typical American or Israeli pilot. The F-15 has been "defeated" during exercises with allied powers, flying planes that are it's equal in technology, with pilots as well trained as ours.

      Understand that I'm not bad mouthing it, because it's a beautiful and effective aircraft. I just don't think it's very fair to say it's never been shot down and use that as an example of how great American engineering is, when it's never faced a foe on equal terms.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  2. Re:Everyone who is not in NSA... by Catharsis · · Score: 0, Offtopic

    Not to say that anti-virus / pharmaceutical companies are not ethical. I'll say it for you then.

    Pharmaceutical companies are not ethical. They are a special brand of evil investing billions into developing new drugs so that old men can get a woody and testing adult drugs on children to extend their patent terms while drugs that could actually help children go untested due to poor market projections. The real nail in the coffin is that they use their marketing weight to market less effective but still patented versions of drugs once their originals go into the public domain.

    Anti-virus companies? Well, I'm not about to throw mud at Peter Norton. He kept the Michelangelo virus off my XT and he did it in a pink shirt. That takes balls.
    --

    "The wise man proportions his belief to the evidence." -- David Hume