Dual-EC DRBG Concerns Hit Media Again
NIST’s withdrawn Special Publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the Dual-EC (elliptic curve) variant the default deterministic random-bit generator (DRBG) algorithm in its commercial toolkit product. RSA has denied the allegation.
Random-bit generation is a critical foundation of every security protocol. So, the presence of a backdoor would have serious implications for security everywhere the algorithm is used.
Concerns about the security of the algorithm date back to 2006. In 2007, Shumow and Ferguson raised the real possibility that the algorithm contains a backdoor or, at the very least, that the designers failed to show that no backdoor was present, even though they could have done so.
Fortunately, the NIST specification describes three alternative algorithms, all of which were based on well-established cryptographic principles. By “well-established” we mean that the academic community had examined their security properties over many years and was satisfied that they were cryptographically sound.
Because of the critical role they play in every security protocol, Entrust pays close attention to the design of random-bit generators, and it does not use NIST’s Dual-EC DRBG in any of its products or services.
As a general principle, Entrust does not use cryptographic techniques that have not withstood the test of time. In addition, we make available as broad a range of algorithms as possible, so that alternatives are available in the event cryptanalytic advances are made against any one algorithm.
At Entrust, we believe that this just makes sense.