NIST SP 800-90A

From Wikipedia, the free encyclopedia

NIST SP 800-90A ("SP" stands for "special publication") is a publication by the National Institute of Standards and Technology with the title Recommendation for Random Number Generation Using Deterministic Random Bit Generators. The publication contains the specification for four cryptographically secure pseudorandom number generators for use in cryptography: Hash DRBG (based on hash functions), HMAC DRBG (Based on Hash-based message authentication code), CTR DRBG (based on block ciphers), and Dual_EC_DRBG (based on elliptic curve cryptography). The Dual_EC_DRBG RNG was later reported to probably contain a backdoor inserted by the National Security Agency, while the other three random number generators are still considered secure.[1]

As a work of the US Federal Government, NIST SP 800-90A is in the public domain and freely available.

Backdoor in Dual_EC_DRBG

Main article: Dual_EC_DRBG

As part of the Bullrun program, NSA has been inserting backdoors into cryptography systems. One such target was suggested in 2013 to be Dual_EC_DRBG.[2] The NSA accomplished this by working during the standardization process to eventually become the sole editor of the standard.[3] In getting Dual_EC_DRBG accepted into NIST SP 800-90A, NSA cited prominent security firm RSA Security's usage of Dual_EC_DRBG in their products. However RSA Security had been paid $10 million by NSA to use Dual_EC_DRBG as default, in a deal that Reuters describes as "handled by business leaders rather than pure technologists". As the $10 million contract to get RSA Security to use Dual_EC_DRBG was described by Reuters as secret, the people involved in the process of accepting Dual_EC_DRBG into NIST SP 800-90A were presumably not made aware of this obvious conflict of interest.[4] This might help explain how a random number generator later shown to be inferior to the alternatives (in addition to the back door) made it into the NIST SP 800-90A standard.

The potential for a backdoor in Dual_EC_DRBG had already been documented by Dan Shumow and Niels Ferguson in 2007,[5] but continued to be used in practice by companies such as RSA Security until the 2013 revelation.[1] Given the known flaws in Dual_EC_DRBG, there have subsequently been accusations that RSA Security knowingly inserted a NSA backdoor into its products. RSA has denied knowingly inserting a backdoor into its products.[6]

The discovery of a probable backdoor in a NIST standard has been a major embarrassment for the National Institute of Standards and Technology. Following the NSA backdoor revelation, NIST has reopened the public vetting process for the NIST SP 800-90A standard.[2]

References

  1. 1.0 1.1 Matthew Green. "RSA warns developers not to use RSA products". 
  2. 2.0 2.1 "Government Announces Steps to Restore Confidence on Encryption Standards". New York Times. 
  3. "Revealed: how US and UK spy agencies defeat internet privacy and security". The Guardian. 
  4. Menn, Joseph (December 20, 2013). "Exclusive: Secret contract tied NSA and security industry pioneer". San Francisco. Reuters. Retrieved December 20, 2013. 
  5. Bruce Schneier (2007-11-15). "Did NSA Put a Secret Backdoor in New Encryption Standard?". Wired News. 
  6. "We don’t enable backdoors in our crypto products, RSA tells customers". Ars Technica. 

External links

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.