Since no one trusts this algorithm anymore, NIST removed it

Apr 23, 2014 13:28 GMT

Many months after the NSA scandal broke, the National Institute of Standards and Technology (NIST) has finally announced that it has removed the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) from its list of random number generators (RNGs).

This matters because this RNG was delivered by the National Security Agency (NSA), a source that no one trusts anymore.

Dual_EC_DRBG was used by RSA in its BSAFE products after it accepted $10 million from the NSA, as reported a while back. People instantly became concerned that the algorithm contained a backdoor that would allow the intelligence agency to obtain the encryption keys of all users, and therefore to defeat the very purpose of the product.

NIST recommended against the use of the algorithm at the time, but it has only just now taken the final step to remove it from its draft guidance on RNGs.

“The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data. It omits an algorithm known as Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible,” the announcement reads.

The institute explained that its decision to remove the Dual Elliptic Curve Deterministic Random Bit Generator from the list comes after it performed an evaluation, but also in response to the lack of public confidence in the algorithm.

Taking things a step further, NIST advises anyone still using the NSA-recommended algorithm to stop doing so and use one of the three remaining approved alternatives. In addition, NIST has issued an advisory to federal agencies and other buyers of cryptographic products to ask vendors whether their cryptographic modules rely on Dual_EC_DRBG and, if so, to ask for the products to be reconfigured.

“Most of these modules implement more than one random number generator. In some cases, the Dual_EC_DRBG algorithm may be listed as included in a product, but another approved algorithm may be used by default. If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm,” NIST writes.

RSA admitted at the time to implementing the algorithm in its products, but later accused the NSA of betraying its trust. After all, the company said, how was anyone supposed to know that the intelligence agency was conducting mass surveillance?

Prior to the scandal, the NSA was a trusted source of encryption methods.