Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

The NSA has always been intimately involved in U.S. cryptography standards — it is, after all, expert in making and breaking secret codes. So the agency’s participation in the NIST (the U.S. Commerce Department’s National Institute of Standards and Technology) standard is not sinister in itself. It’s only when you look under the hood at the NSA’s contribution that questions arise.

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn’t large enough to make the algorithm unusable — and Appendix E of the NIST standard describes an optional work-around to avoid the issue — but it’s cause for concern. Cryptographers are a conservative bunch: We don’t like to use algorithms that have even a whiff of a problem. But today there’s an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor.

We don’t know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there’s no way for NIST — or anyone else — to prove otherwise.

This is scary stuff indeed.

Wired



  1. Personality says:

    Yes, they did. Why wouldn’t they?

  2. GigG says:

    If there is a backdoor it could have been inserted by anyone that had access to the code.

    There may well be x number of backdoors. Where x = number of people with access.

    Oh yeah, STOP USING Wired as a source. They SUCK.

  3. NSILMike says:

    I suspect NSA doesn’t need a back door… of course that wouldn’t necessarily stop them.

  4. Robert S Hedin says:

    Two observations:

    1. The NSA, FBI and CIA are nowhere near as good as they would like you to believe they are… can you say 9/11? How about ‘anthrax’?

    2. Of course governments attempt to assure every advantage possible. That’s why police carry guns.

  5. James Hill says:

    Just because they own you is no reason to get pissy.

  6. chuck says:

    Never attribute to malice that which can be adequately explained by stupidity.

    In the case of the NSA, the Bush administration, Dick Cheney, etc – assume both malice and stupidity.

    The only true protection we have against tyranny in this country is the total incompetence of those trying to implement it.

  7. Steve says:

    #4 RSH – “That’s why police carry guns.”

    That’s why I do too.

    #6 Chuck – More Bush Derangement Syndrome.

    &

    Give up your gun rights and see what happens next in GOUSA.

  8. Robert S Hedin says:

    Steve

    “That’s why police carry guns.”
    That’s why I do too.

    Pull your gun on a police officer to become a corpse.

  9. BubbaRay says:

    GigG, if you want a better source, try this:

    http://cagematch.dvorak.org/index.php/topic,2851.0.html

  10. GigG says:

    That’s somewhat better; at least it leads to this: http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html which is what should have been sourced in the first place.

  11. Phillep says:

    Chuck, I’m saving some posts for the year 2010. Want to contribute some more?

  12. Greg Allen says:

    This is another example of why we need the Geeks to save the world.

    We need — open source, privately developed — strong encryption in all our on-line tools.

    And it MUST be STANDARD and DEFAULT, rather than a plug-in which the average person will never use.

    Start with email.

  13. Glenn E says:

    Why doesn’t this article surprise me? I’ve read of the NSA arranging for “backdoors” in commercially made cryptographic devices before. See this…

    http://jya.com/nsa-sun.htm

    and other pages found by Googling “swiss company crypto NSA backdoor”.

    For the Swiss’ cooperation, I’m sure some banking improprieties were overlooked or covered up, by the DoJ. Probably concerning Nazi gold. After WW2, the broken Enigma machine was sold as a secure technology to many an unknowing government, until the truth came out in a 1970 book. The US and UK (and probably the Russians) only knew before that.

    The real question is, was this deception purely for “national security”? Or was some industrial espionage also at work? Did US defense contractors ever get a heads up on their European competition, from the NSA?! Some might justify that practice as being “national security” too! Making sure that Boeing and Lockheed stay in business.

  14. BubbaRay says:

    GigG, yep, Schneier is the man. I thought you might enjoy the article as well as the link.

    Have you heard Steve Gibson’s remarkable podcast “Security Now” episodes 31-37 for a great background re: cryptography?

    http://www.grc.com/SecurityNow.htm#31
