NIST SP 800-90A

NIST SP 800-90A ("SP" stands for "special publication") is a publication by the National Institute of Standards and Technology with the title Recommendation for Random Number Generation Using Deterministic Random Bit Generators. The publication contains the specification for four cryptographically secure pseudorandom number generators for use in cryptography: Hash_DRBG (based on hash functions), HMAC_DRBG (Based on Hash-based message authentication code), CTR_DRBG (based on block ciphers), and Dual_EC_DRBG (based on elliptic curve cryptography). The Dual_EC_DRBG RNG was later reported to probably contain a kleptographic backdoor inserted by the National Security Agency, while the other three random number generators are still considered secure.^[1]

As a work of the US Federal Government, NIST SP 800-90A is in the public domain and freely available. However, the version now available [17 Feb 2014] under the original SP 800-90A designation is actually an externally unlabelled version dated internally as January 2012. The updating changes need to be compared to the actual original document. [Needed: a validated link or reference citation to the original version of March 2007.]

Backdoor in Dual_EC_DRBG

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

As part of the Bullrun program, NSA has been inserting backdoors into cryptography systems. One such target was suggested in 2013 to be Dual_EC_DRBG.^[2] The NSA accomplished this by working during the standardization process to eventually become the sole editor of the standard.^[3] In getting Dual_EC_DRBG accepted into NIST SP 800-90A, NSA cited prominent security firm RSA Security's usage of Dual_EC_DRBG in their products. However RSA Security had been paid $10 million by NSA to use Dual_EC_DRBG as default, in a deal that Reuters describes as "handled by business leaders rather than pure technologists". As the $10 million contract to get RSA Security to use Dual_EC_DRBG was described by Reuters as secret, the people involved in the process of accepting Dual_EC_DRBG into NIST SP 800-90A were presumably not made aware of this obvious conflict of interest.^[4] This might help explain how a random number generator later shown to be inferior to the alternatives (in addition to the back door) made it into the NIST SP 800-90A standard.

The potential for a backdoor in Dual_EC_DRBG had already been documented by Dan Shumow and Niels Ferguson in 2007,^[5] but continued to be used in practice by companies such as RSA Security until the 2013 revelation.^[1] Given the known flaws in Dual_EC_DRBG, there have subsequently been accusations that RSA Security knowingly inserted a NSA backdoor into its products. RSA has denied knowingly inserting a backdoor into its products.^[6]

Following the NSA backdoor revelation, NIST has reopened the public vetting process for the NIST SP 800-90A standard.^[2][7]

External links

• Lua error in package.lua at line 80: module 'strict' not found.

References

1. ↑ ^{1.0 1.1} Lua error in package.lua at line 80: module 'strict' not found.
2. ↑ ^{2.0 2.1} Lua error in package.lua at line 80: module 'strict' not found.
3. ↑ Lua error in package.lua at line 80: module 'strict' not found.
4. ↑ Lua error in package.lua at line 80: module 'strict' not found.
5. ↑ Lua error in package.lua at line 80: module 'strict' not found.
6. ↑ Lua error in package.lua at line 80: module 'strict' not found.
7. ↑ Lua error in package.lua at line 80: module 'strict' not found.