Bruce Schneier writes that the U.S. government released a new standard for random number generators this year. Random numbers are used to create encryption keys and in many other parts of cryptography. One of the generators in that standard, championed by the NSA, has been shown to contain what amounts to a back door. It is defined by a list of fixed constants, but the origin of those numbers is never explained. Researchers have shown that

“these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output…. Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC_DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants — and has the secret numbers. We don’t know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does.”
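The relationship Schneier describes, worked through on a toy curve as an added example (not code from the original post or from the standard): the generator is built from two fixed points P and Q, and whoever knows a secret scalar e with P = e·Q can lift one output back to a curve point, step it forward to the next internal state, and predict everything that follows. The curve, the points, the scalar e and the seed are all constructed for this example; the real generator runs on P-256 and drops 16 bits per output, so its guess loop has 65,536 iterations instead of 16.

```python
# Toy Dual_EC_DRBG on a small curve (constructed parameters, not P-256), added to show
# why a hidden relation P = e*Q between the two fixed points acts as a skeleton key.
p = 1000003            # prime with p % 4 == 3, so a square root is one modular power
A, B = 2, 3            # curve y^2 = x^3 + A*x + B over GF(p); toy values, constructed
BITS, DROP = 20, 4     # x-coordinates fit in 20 bits; like the real DRBG, drop the top bits
MASK = (1 << (BITS - DROP)) - 1
def add(P1, P2):
    """Elliptic-curve point addition; None stands for the point at infinity."""
    if P1 is None or P2 is None: return P1 or P2
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0: return None
    if P1 == P2: m = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p
    else:        m = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (m * m - x1 - x2) % p
    return (x3, (m * (x1 - x3) - y1) % p)
def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def lift_x(x):
    """Recover a curve point from its x-coordinate; either sign of y serves the attack."""
    rhs = (x ** 3 + A * x + B) % p
    y = pow(rhs, (p + 1) // 4, p)
    return (x, y) if y * y % p == rhs else None
def x_of(pt): return 0 if pt is None else pt[0]
# Constructed trapdoor: Q is any curve point, e is the secret scalar, and P = e*Q.
Q = next(pt for pt in map(lift_x, range(1, p)) if pt and pt[1])
e = 123457
P = mul(e, Q)

def dual_ec_outputs(seed, n):
    """n outputs of the Dual_EC step: s <- x(s*P); emit x(s*Q) minus its top DROP bits."""
    s, outs = seed, []
    for _ in range(n):
        s = x_of(mul(s, P))
        outs.append(x_of(mul(s, Q)) & MASK)
    return outs
def predict_with_backdoor(out0, out1, n):
    """With e: lift out0 to s*Q, multiply by e to get s*P (next state), check against out1."""
    for hi in range(1 << DROP):
        x = out0 | (hi << (BITS - DROP))       # guess the dropped bits (2^16 in the real DRBG)
        pt = lift_x(x) if x < p else None
        if pt is None: continue
        next_state = x_of(mul(e, pt))           # e*(s*Q) = s*(e*Q) = s*P
        if (x_of(mul(next_state, Q)) & MASK) == out1:
            return dual_ec_outputs(next_state, n)
```

Without e, lifting an output only yields the point s·Q, and turning that into s·P is a discrete-logarithm problem; with e it is one scalar multiplication, which is why the provenance of P and Q matters.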
