New NSA-Approved Encryption Standard May Contain Backdoor

Hugh Pickens writes "Bruce Schneier has a story on Wired about the new official standard for random-number generators the NIST released this year that will likely be followed by software and hardware developers around the world. There are four different approved techniques (pdf), called DRBGs, or 'Deterministic Random Bit Generators' based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. In a presentation at the CRYPTO 2007 conference (pdf) in August, Dan Shumow and Niels Ferguson showed that there are constants in the standard used to define the algorithm's elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

Re:One wonders what we can ever do right

[Shakrai]

But in a dog fight the F-15 does quite well

Yes, the F-15 has never been defeated in air to air combat. It's also never faced an opponent remotely close to it's own technological level. Nor has it ever faced a foe as well trained as the typical American or Israeli pilot. The F-15 has been "defeated" during exercises with allied powers, flying planes that are it's equal in technology, with pilots as well trained as ours.

Understand that I'm not bad mouthing it, because it's a beautiful and effective aircraft. I just don't think it's very fair to say it's never been shot down and use that as an example of how great American engineering is, when it's never faced a foe on equal terms.