November 15, 2007

NSA Pushing Randomization Standard that has a 'Back Door'

Schneier on Security brings us The Strange Story of Dual_EC_DRBG. It seems that one of the new randomization standards being pushed by NIST originated in the NSA and is capable of being engineered to produce numbers that look random but are not.

Since random numbers are frequently used to seed cryptographic algorithms, this is a fairly big deal to the crypto community. The NSA isn’t talking, but I’m guessing this was no accident.


Posted by Michael : November 15, 2007 09:51 AM | Cryptography | TechnoLinks
Comments

I know someone who was at the NIST RNG workshop at which the algorithm was first presented, and his view is that it wasn't that someone was deliberately pushing an algorithm which they knew to be flawed. Rather, it was a case of having overindulged in the "elliptic curves are good" koolaid.

Posted by: Melinda at November 15, 2007 01:09 PM

Yep. Remember, that the result isn't really random is the canonical problem with RNGs. Occam says your first guess when something exhibits a canonical problem is one of the canonical causes: in this case, bad math.

Posted by: wcw at November 18, 2007 04:51 PM

