Why the Dual-EC DRBG Mechanism is Suspect

Part 1 of 2 in the Series — Zero to 30

As we covered in December, special publication 800-90, released by the National Institute of Standards and Technology (NIST) in 2006, claimed that security vendor RSA and the NSA created a deal to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product.

whitepaperThese claims introduce serious questions about the security of the algorithm. Random-bit generation is a critical foundation of every security protocol. The presence of a backdoor would have serious implications for security everywhere the algorithm is used.

Because of the critical role they play in every security protocol, Entrust pays close attention to the design of random-bit generators, and it does not use NIST’s Dual-EC DRBG in any of its products or services.

Download our most recent complimentary whitepaper, “Zero to Dual_EC_DRBG in 30 minutes,” which provides an introduction to the elliptic-curve DRBG mechanism and explores, in detail, why the design approach is suspect.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.

1 Comment

Add to the Conversation