NIST Pulls Dual_EC_DRBG Algorithm from Random Number Generator Recommendations

The National Institute of Standards and Technology (NIST) announced on Monday that it has removed Dual_EC_DRBG, the Dual Elliptic Curve Deterministic Random Bit Generator, from its draft guidance on random number generators.

After it was reported that RSA accepted $10 million from the NSA to use Dual_EC_DRBG as the default in its BSAFE products, people became concerned that the algorithm contained a weakness that would allow the NSA to obtain the encryption keys and defeat the protections provided by those keys.

As a result, NIST immediately recommended against the use of the algorithm and called for public comment.

Before making the change official and pulling the Dual_EC_DRBG algorithm from its guidance, NIST is requesting final public comments on the revised document, which can be found here.

The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data, NIST said.

Issues with the algorithm have been known for years, though RSA continued to use it in BSAFE until NIST withdrew its support for the standard in September.

At the RSA conference in February, RSA Chief Art Coviello said in his keynote address that using the algorithm as the default allowed the company to meet government requirements, and that the company stopped doing so in September after NIST issued guidance discouraging it.

“Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG from the Rev. 1 document,” NIST explained.

Additionally, NIST is recommending that those who use Dual_EC_DRBG should stop doing so and use one of the three remaining approved algorithms as soon as possible.

The revised SP 800-90A is available online along with instructions for submitting comments. The public comment period closes on May 23, 2014, and NIST said it would consider any comments when making revisions to SP 800-90A.

NIST recommends that vendors currently using Dual_EC_DRBG who want to remain in compliance with federal guidance, and who have not yet made the previously recommended changes to their cryptographic modules, should select an alternative algorithm and not wait for further revision of the Rev. 1 document.

NIST advises federal agencies and other buyers of cryptographic products to ask vendors if their cryptographic modules rely on Dual_EC_DRBG, and if so, to ask their vendors to reconfigure those products to use alternative algorithms.

A list of cryptographic modules that include Dual_EC_DRBG can be found here.

“Most of these modules implement more than one random number generator,” NIST added. “In some cases, the Dual_EC_DRBG algorithm may be listed as included in a product, but another approved algorithm may be used by default. If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm.”

Additional details are available from the NIST website.

In addition to removing Dual_EC_DRBG, NIST said that a committee would review NIST’s cryptographic standards process, and plans to produce a public report of its findings and recommendations.

Related Reading: NSA-Linked ‘Extended Random’ Extension Discovered Inside RSA BSAFE

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.