new details about NSA backdoor in crypto spec

[Usr6]

Today, the New York Times reported that an algorithm for generating random numbers, which was adopted in 2006 by the National Institute of Standards and Technology (NIST), contains a backdoor for the NSA. The news followed a NYT report from last week, which indicated that the National Security Agency (NSA) had circumvented widely used (but then-unnamed) encryption schemes by placing backdoors in the standards that are used to implement the encryption.

In 2007, cryptographers Niels Ferguson and Dan Shumow presented research suggesting that there could be a potential backdoor in the Dual_EC_DRBG algorithm, which NIST had included in Special Publication 800-90. If the parameters used to define the algorithm were chosen in a particular way, they would allow the NSA to predict the supposedly random numbers produced by the algorithm. It wasn't entirely clear at the time that the NSA had picked the parameters in this way; as Ars noted last week, the rationale for choosing the particular Dual_EC_DRBG parameters in SP 800-90 was never actually stated.

Today, the NYT says that internal memos leaked by Edward Snowden confirm that the NSA generated the Dual_EC_DRBG algorithm. Publicly, however, the agency's role in development was significantly underbilled: “In publishing the standard, NIST acknowledged 'contributions' from NSA, but not primary authorship,” wrote the NYT. From there, the NSA pushed the International Organization for Standardization to adopt the algorithm, calling it “a challenge in finesse” to convince the organization's leadership.

“Eventually, NSA became the sole editor” of the international standard, according to one classified memo seen by the NYT.

The details come just as NIST released a promise to reopen the public vetting process for SP 800-90. “We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” a memo from the Institute read. “NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the US government and industry at large.”

Still, NIST asserted that its purpose was to protect the federal government first: “NIST’s mandate is to develop standards and guidelines to protect federal information and information systems. Because of the high degree of confidence in NIST standards, many private industry groups also voluntarily adopt these standards.”

Sursa: New York Times provides new details about NSA backdoor in crypto spec | Ars Technica