• NIST Reconsiders Support for Suspect Algorithm

    The reputation of the U.S. National Institute of Standards and Technology (NIST) took a massive hit last year when it was suggested in revelations made by Edward Snowden that one of its standard procedures for generating random bit sequences had been subverted by the Nation Security Agency (NSA). If the suggestions were correct, then the flaw in the Dual-EC DRBG

        in Encryption
    0
  • Why the Dual-EC DRBG Mechanism is Suspect

    As we covered in December, special publication 800-90, released by the National Institute of Standards and Technology (NIST) in 2006, claimed that security vendor RSA and the NSA created a deal to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. These claims introduce serious questions about the security of

        in Encryption, Public Key Infrastructure
    0
  • Dual-EC DRBG Concerns Hit Media Again

    NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation is a critical foundation of

        in General
    0