The National Institute of Standards and Technology (NIST) has removed the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) from its list of random number generators (RNGs).
This matters because the RNG came from the National Security Agency (NSA), which has had trust issues of late.
Dual_EC_DRBG was used by RSA in its BSAFE products after the company accepted $10 million from the NSA. People instantly became concerned that the algorithm contained a backdoor that would allow the intelligence agency to obtain the encryption keys of all users, and therefore to defeat the very purpose of the product.
NIST recommended against the use of the algorithm at the time, but it has only just now taken the final step to remove it from its draft guidance on RNGs.
“The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data. It omits an algorithm known as Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible,” NIST said.
The institute explained that its decision to remove the Dual Elliptic Curve Deterministic Random Bit Generator from the list comes after it performed an evaluation, but also in response to the lack of public confidence in the algorithm.
NIST advises anyone still using the NSA-recommended algorithm to stop doing so and use one of the three remaining approved alternatives. NIST also issued an advisory to federal agencies and other buyers of cryptographic products, telling them to ask vendors whether their cryptographic modules rely on Dual_EC_DRBG and, if so, to ask for the products to be reconfigured.
“Most of these modules implement more than one random number generator. In some cases, the Dual_EC_DRBG algorithm may be listed as included in a product, but another approved algorithm may be used by default. If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm,” NIST said.