Skip to main content

NSA encryption backdoor proof of concept published

posted onJanuary 6, 2014
by l33tdawg

Although weaknesses in one pseudo-random number generator (PRNG) at the heart of a US National Security Agency (NSA) scandal have been known for years, recent media attention has given light to proof-of-concept code.

The Dual Elliptic Curve Deterministic Random Bit Generator, or Dual_EC_DRBG as it is referred to by the US National Institute of Standards and Technology (NIST), has been fraught with controversy. NIST's specifications for Dual_EC_DRBG (along with three other PRNGs) is in Special Publication (SP) 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (PDF), with Elaine Barker and John Kelsey as authors.

Kelsey notes (PDF), however, that much of the work on the standards was conducted by the NSA. The problem, according to Kelsey, is that the Dual_EC_DRBG, like many algorithms, relies on parameters labelled P and Q for security. These could be randomly generated; however, the actual choice of P and Q were dictated by those involved in the design of the algorithm — the NSA.

Source

Tags

NSA Encryption

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th