Defense

NIST drops controversial encryption algorithm

The National Institute of Standards and Technology pulled an encryption algorithm from a security document over concerns that spies were exploiting backdoors in the code.

By Greg Otto

June 29, 2015

The National Institute for Standards and Technology has removed a controversial encryption algorithm from a key security document after years of reports that it contained a backdoor for the National Security Agency.

NIST announced Thursday that its revision to Special Publication 800-90A Rev. 1 — Recommendation for Random Number Generation Using Deterministic Random Bit Generators — would permanently remove the Dual Elliptic Curve random number generator (Dual_EC_DRBG) from its list of reliable algorithms. The removal comes after what the agency calls “concerns that it might contain a weakness that attackers could exploit to predict the outcome of random number generation.”

Among those “attackers” could be the NSA. Stories related to the Edward Snowden leaks pegged the agency, which created the algorithm, as having the ability to break the encryption under its Bullrun program.

Random number generation is a keystone of encryption, especially elliptic curve encryption, which creates an extremely complex mathematical problem to protect information. With a backdoor, that protection is rendered useless.

The document also recommends introducing more randomness into a number of other key algorithms, as the refresh keeps the encryption from becoming weak.

NIST has been debating the removal of the Dual_EC_DRBG since April of last year. Last week’s announcement makes the edit permanent.

NIST drops controversial encryption algorithm

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

NIST Director Laurie Locascio to depart in January

Top Stories

Trump’s Schedule F would have hurt govtech recruitment, OPM official says

FAA seeks artificial intelligence-powered safety tool

From genomics breakthroughs to tracking Amazon fires: Flemming Awards turn spotlight on federal scientists

Federal data management career path needs improvement, CDO Council vice chair says

OpenAI further expands its generative AI work with the federal government

DOJ employees wary of doxxing threats call on leadership for stronger response

EPA CIO Vaughn Noga details slew of new modernization efforts underway

Former GSA, FDIC IT official headed to Railroad Retirement Board

More Scoops

Legislation to codify NAIRR, authorize safety body among nine AI bills passed by House panel

NIST expands passkey, digital wallet direction in updated identity guidelines draft

NIST releases three encryption standards to prepare for future quantum attacks

Apple agrees to White House AI commitments, as agencies meet more executive order deadlines

New TMF investments support AI Safety Institute, upgrades to nuclear emergency response

NIST seeks organization to stand up institute focused on AI to boost manufacturing

NIST issues final guidance update for protecting sensitive information

Latest Podcasts

How Trump’s Schedule F could hurt govtech recruitment; TSA issues proposed cyber mandates for pipelines, rail, airlines

A look at next week’s hearing on unidentified anomalous phenomena; Space Force expands top secret intel-sharing program to support new mission areas

DOJ employees call on leadership for stronger response to doxxing; Scale AI unveils ‘Defense Llama’ large language model

Exclusive interviews from CyberTalks 2024 w/ Federal CIO Clare Martorana, Federal CISO Michael Duffy

Tech

Defense

Cyber

FedScoop TV