NIST Stops Recommending Controversial Random Number Generator

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Dual_EC_DRBG removed from recommended list following reports of NSA-funded backdoors

The US body responsible for encryption standardisation has removed a flawed random number generator thought to have been exploited by the National Security Agency (NSA) from its recommendations.

The Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) was one of four options provided by the National Institute for Standards and Technology (NIST), a US government agency, for generating pseudorandom bits for encryption keys.

RSABut after a Reuters report suggested security firm RSA had been paid by the NSA to use Dual_EC_DRBG in its products, many became concerned about the standard. RSA has denied the report,

NIST finally kills Dual_EC_DRBG

“Some commenters expressed concerns that the algorithm contains a weakness that would allow attackers to figure out the secret cryptographic keys and defeat the protections provided by those keys,” NIST said, in announcing the decision.

“Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG.

“NIST recommends that vendors currently using Dual_EC_DRBG who want to remain in compliance with federal guidance, and who have not yet made the previously recommended changes to their cryptographic modules, should select an alternative algorithm.

“NIST advises federal agencies and other buyers of cryptographic products to ask vendors if their cryptographic modules rely on Dual_EC_DRBG, and if so, to ask their vendors to reconfigure those products to use alternative algorithms.”

The problems with Dual_EC_DRBG stem back to 2007, when security expert Bruce Schneier questioned whether a backdoor had been placed in the random number generator by the NSA.

In September 2013, NIST recommended vendors and users cease to operate Dual_EC_DRBG. RSA also told customers to stop using it, even though it was turned on by default in the BSAFE line of web encryption tools.

Are you a security expert? Try our quiz!

Read also :