This is the most recent revision of the document in which DUAL_EC_DRBG was presented (specifically, in SP800-90A): [1]http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev. %201,%20B,%20and%20C Interestingly, review of this document was reopened for public comment a few days ago "in light of recent reports." Looks like the version that nytimes links to can be found [2]here. It hasn't been confirmed that Dual EC DRBG is used for anything important in practice, AFAIK. See [3]http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drb g. On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones <[4]rich@openwatch.net> wrote: NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy? From [5]http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps- to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1& But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard [6]called the Dual EC DRBG standard which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged contributions from N.S.A., but not primary authorship. R -- Yan Zhu [7]http://web.mit.edu/zyan/www/ References 1. http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A Rev. 1, B, and C 2. https://code.google.com/p/squeak-cc-validation/source/browse/trunk/fips/SP800-90_DRBG-June2006-final.pdf?r=3 3. http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg 4. mailto:rich@openwatch.net 5. http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1& 6. http://web.archive.org/web/20060930163233/http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90_DRBG-June2006-final.pdf 7. http://web.mit.edu/zyan/www/