Wednesday, April 23, 2014

NIST Delists RSA Encryption Algorithm After Snowden Allegations of NSA Bribe

This one's for the 1337 g33ks.

As we all know, one of the most important parts of any encryption suite is the deterministic random bit generator (DRBG), the algorithm that supplies the random values the rest of the cryptography depends on.



In software, it's harder than you think to generate truly random numbers: a computer is a machine, so when you run the same thing twice it just 'wants' to produce the same result each time. Programmers have to go to great lengths to construct a method for generating a series of random numbers that will not repeat, in whole or in part, when the generator is run again. Designers of pseudo-random and truly random number generators employ a great deal of advanced mathematics to achieve this. Not many people can even read, let alone write, this kind of code, and most application coders take this core algorithm from a specialized author.

One such algorithm, developed by the RSA corporation, that many programmers use is called Dual_EC_DRBG, or the Dual Elliptic Curve Deterministic Random Bit Generator.

Last December, Edward Snowden claimed that RSA had received a secret $10 million bribe from the NSA to implement the algorithm with certain flaws, to actually weaken the encryption in its BSAFE security tool. RSA to this day still denies the serious allegation, but the National Institute of Standards and Technology (NIST) has announced that it has abandoned all use of the algorithm, thus encouraging others to do the same.
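To make the "deterministic" part concrete, here is an added example (not from the post, RSA, or NIST) of a minimal HMAC_DRBG in the shape of NIST SP 800-90A, one of the generators NIST kept after dropping Dual_EC_DRBG. The seed fully determines every output byte, which is why a seed must come from a real entropy source and why a hidden flaw in a generator's internals matters so much; the SHA-256 choice and the `outputs_for_seed` / `fresh_from_os_entropy` helper names are my own.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A shape, SHA-256, no additional input).

    Added example: same seed -> identical output stream, every time.
    """

    OUTLEN = 32  # SHA-256 output size in bytes

    def __init__(self, seed_material: bytes):
        # Instantiate: K = 0x00..00, V = 0x01..01, then absorb the seed.
        self.key = b"\x00" * self.OUTLEN
        self.v = b"\x01" * self.OUTLEN
        self._update(seed_material)

    @staticmethod
    def _mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: fold provided data (possibly empty) into K and V.
        self.key = self._mac(self.key, self.v + b"\x00" + provided)
        self.v = self._mac(self.key, self.v)
        if provided:
            self.key = self._mac(self.key, self.v + b"\x01" + provided)
            self.v = self._mac(self.key, self.v)

    def generate(self, n: int) -> bytes:
        # Generate: chain V = HMAC(K, V) until n bytes exist, then update
        # the state so emitted output does not reveal the next block.
        out = b""
        while len(out) < n:
            self.v = self._mac(self.key, self.v)
            out += self.v
        self._update(b"")
        return out[:n]


def outputs_for_seed(seed: bytes, n: int = 16) -> bytes:
    """Fresh instance seeded with a fixed value: reproducible by design."""
    return HmacDrbg(seed).generate(n)


def fresh_from_os_entropy(n: int = 16) -> bytes:
    """Seed from the OS entropy pool, as a real deployment must."""
    return HmacDrbg(os.urandom(48)).generate(n)
```

Running `outputs_for_seed` twice with the same seed returns byte-identical output, which is the machine "wanting" to repeat itself described above; only the seed source makes the stream unpredictable.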

There is more information on The Hacker News.


I welcome your comments, please share.