Why the Dual-EC DRBG Mechanism is Suspect
As we covered in December, special publication 800-90, released by the National Institute of Standards and Technology (NIST) in 2006, claimed that security vendor RSA and the NSA created a deal to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product.
These claims introduce serious questions about the security of the algorithm. Random-bit generation is a critical foundation of every security protocol. The presence of a backdoor would have serious implications for security everywhere the algorithm is used.
Because of the critical role they play in every security protocol, Entrust pays close attention to the design of random-bit generators, and it does not use NIST’s Dual-EC DRBG in any of its products or services.
Download our most recent complimentary whitepaper, “Zero to Dual_EC_DRBG in 30 minutes,” which provides an introduction to the elliptic-curve DRBG mechanism and explores, in detail, why the design approach is suspect.