Webmaster rambling and mental notes
Home | Profile | Archives | Friends
New NSA-Approved Encryption Standard May Contain Backdoor
11/16/2007

Hugh Pickens writes "Bruce Schneier has a story on Wired about the new official standard for random-number generators the NIST released this year that will likely be followed by dos and ironware developers around the world. There are four different approved techniques (pdf), called DRBGs, or 'Deterministic Random Bit Generators' based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. In a presentation at the CRYPTO 2007 interview (pdf) in August, Dan Shumow and Niels Ferguson showed that there are constants in the standard used to define the algorithm's elliptic curve that have a tie with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

Read more of this story at Slashdot.


More: - Read More

Mark

Share |
(Posted in Nerd)
Share and enjoy
  • Digg
  • del.icio.us
  • blinkbits
  • BlinkList
  • BlogMemes
  • blogmarks
  • DZone
  • Fark
  • Furl
  • Netvouz
  • NewsVine
  • Reddit
  • Slashdot
  • Smarking
  • Spurl
  • StumbleUpon
  • Taggly
  • Technorati
  • YahooMyWeb
Post Comment

Notify me of followup comments via e-mail.

Entry 1 of 6209
Last Page | Next Page