NIST encryption standard may have NSA backdoor
According to security experts, an algorithm for generating random numbers that is included in an official standard documented by the National Institute of Standards and Technology (NIST) could include a backdoor planted by the NSA.
In a recent blog entry, cryptographer Bruce Schneier describes research that was presented by his colleagues Niels Ferguson and Dan Shumow at the CRYPTO 2007 conference this past August. The security researchers have raised concerns about a potential backdoor in the Dual_EC_DRBG algorithm, which is documented in NIST's 800-90 publication about deterministic random bit generators. Dual_EC_DRBG, which is based on elliptic curves, is said to be significantly slower to compute than the other algorithms in the standard and was supposedly only included at all because it has the strong support of the NSA.
Dual_EC_DRBG uses a seemingly arbitrary series of specific fixed numbers, published in the standard, to define the elliptic curve used for the algorithm. The origin of those numbers has not been revealed or explained, but it is possible to use other numbers instead. The researchers realized that the fixed set of numbers used in Dual_EC_DRBG could have a mathematical relationship to a secret second set of numbers, which could then be used as a master key to decrypt content.