NIST Reconsiders Support for Suspect Algorithm

Tim Moses

The reputation of the U.S. National Institute of Standards and Technology (NIST) took a massive hit last year when it was suggested in revelations made by Edward Snowden that one of its standard procedures for generating random bit sequences had been subverted by the Nation Security Agency (NSA).

National Institute of Standards and Technology  & NSAIf the suggestions were correct, then the flaw in the Dual-EC DRBG mechanism would allow NSA (and potentially others) to surreptitiously intercept encrypted communications from products that implemented the procedure.

Fortunately, few products did, in fact, implement the flawed procedure, and NIST has now deleted it from its guidance, indicating that implementations should be considered non-compliant. NIST has acted as a trusted source of guidance on matters related to information security for many years, and it has recently acted to restore its reputation in this area by instituting an open review of its procedures for standardizing cryptographic algorithms and protocols.

It is to be hoped that NIST can quickly put this unfortunate incident behind it and again direct its expertise and resources to improving the security of information systems — both within the U.S. government, and in the broader community.

Tim Moses
Tim Moses
Senior Director, Advanced Security Technology

Tim Moses, Entrust Datacard’s Senior Director of Advanced Security Technology, is responsible for Entrust Datacard’s research and standards activities. He holds BSc and PhD degrees in electronic engineering and has over 30 years’ experience in industry. He has worked in the field of information security — in both product design and consulting capacities — for the past 20 years. His current research interests include trust solutions for electronic travel documents and browsers. He is the past-chair of the CABForum.


Add to the Conversation