Defense

NIST drops controversial encryption algorithm

The National Institute of Standards and Technology pulled an encryption algorithm from a security document over concerns that spies were exploiting backdoors in the code.

By Greg Otto

June 29, 2015

The National Institute for Standards and Technology has removed a controversial encryption algorithm from a key security document after years of reports that it contained a backdoor for the National Security Agency.

NIST announced Thursday that its revision to Special Publication 800-90A Rev. 1 — Recommendation for Random Number Generation Using Deterministic Random Bit Generators — would permanently remove the Dual Elliptic Curve random number generator (Dual_EC_DRBG) from its list of reliable algorithms. The removal comes after what the agency calls “concerns that it might contain a weakness that attackers could exploit to predict the outcome of random number generation.”

Among those “attackers” could be the NSA. Stories related to the Edward Snowden leaks pegged the agency, which created the algorithm, as having the ability to break the encryption under its Bullrun program.

Random number generation is a keystone of encryption, especially elliptic curve encryption, which creates an extremely complex mathematical problem to protect information. With a backdoor, that protection is rendered useless.

The document also recommends introducing more randomness into a number of other key algorithms, as the refresh keeps the encryption from becoming weak.

NIST has been debating the removal of the Dual_EC_DRBG since April of last year. Last week’s announcement makes the edit permanent.

NIST drops controversial encryption algorithm

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

Login.gov pilot to include option for biometric verification

Top Stories

How NIH’s National Library of Medicine is testing AI to match patients to clinical trials

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

ICE pursuing privacy approvals related to controversial phone location data

USPTO issues guidance for AI use in applications and processes

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

GAO budget request puts premium on modernization efforts

CISA emergency directive tells agencies to fix credentials after Microsoft breach

More Scoops

From research to talent: Five AI takeaways from Biden’s budget

Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

NIST previews open competition for semiconductor research and development

NIST seeks public input on its AI executive order requirements

NIST seeks participants for new artificial intelligence consortium

Top Republican working on ‘light touch’ AI bill with focus on generative AI and self-certification system

NIST to seek input on White House strategy for emerging tech standards development

Latest Podcasts

NIST drops controversial encryption algorithm

Elastic’s Chris Townsend on the power AI and cloud computing

Google’s Leigh Palmer on the need for transparency in public sector AI

Google’s Amina Al Sherif on balancing innovation and risk in public service

Tech

Defense

Cyber

Acquisition