The US body responsible for encryption standardisation has removed a flawed random number generator thought to have been exploited by the National Security Agency (NSA) from its recommendations.
The Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) was one of four options provided by the National Institute for Standards and Technology (NIST), a US government agency, for generating pseudorandom bits for encryption keys.
“Some commenters expressed concerns that the algorithm contains a weakness that would allow attackers to figure out the secret cryptographic keys and defeat the protections provided by those keys,” NIST said, in announcing the decision.
“Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG.
“NIST recommends that vendors currently using Dual_EC_DRBG who want to remain in compliance with federal guidance, and who have not yet made the previously recommended changes to their cryptographic modules, should select an alternative algorithm.
“NIST advises federal agencies and other buyers of cryptographic products to ask vendors if their cryptographic modules rely on Dual_EC_DRBG, and if so, to ask their vendors to reconfigure those products to use alternative algorithms.”
The problems with Dual_EC_DRBG stem back to 2007, when security expert Bruce Schneier questioned whether a backdoor had been placed in the random number generator by the NSA.
In September 2013, NIST recommended vendors and users cease to operate Dual_EC_DRBG. RSA also told customers to stop using it, even though it was turned on by default in the BSAFE line of web encryption tools.
Are you a security expert? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…