The National Security Agency (NSA) influenced the National Institute of Standards and Technology (NIST) to adopt a tainted encryption standard.
That standard, made by the NSA, included a weakness known only to the NSA. The standard in question is NIST Special Publication 800-90, according to a report in The New York Times.
NSA cryptographic experts authored the standard, which NIST adopted in 2006. It includes four Deterministic Random Bit Generators, one of which, Dual_EC_DRBG, should create random numbers to seed encryption keys but, as it turns out, produces random numbers with a small bias.
Expert cryptographer Bruce Schneier, and his colleagues Dan Shumow and Niels Ferguson, who in 2007 published research detailing the flaw, theorized it was a deliberate back door. Schneier remained puzzled as to why the NSA was so insistent about including this generator in the standard.
“It makes no sense as a trap door: It’s public, and rather obvious. It makes no sense from an engineering perspective: It’s too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy,” he said, and recommended that nobody use it.
The standard ended up adopted not only by NIST but also by the International Organization for Standardization and Canada’s Communications Security Establishment, according to the Times report.
NIST said it “would not deliberately weaken a cryptographic standard” and that it would continue its mission “to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.”
“NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA,” they said.
Finally, in a gesture of good will and in hopes of regaining some of the trust it has lost from the security community, NIST reopened the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C so the public can peruse and comment on the standard for a second time.
“If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible,” they said.