It's not the actual spec I'm interested in - it's the memo, which could detail any number of things: how they were able to pressure NIST, theoretical attacks, actual attacks, known vendors, limitations, etc.

Names, basically. I want to see if there are any names.

R


On Wed, Sep 11, 2013 at 12:15 PM, Yan Zhu <yan@mit.edu> wrote:
This is the most recent revision of the document in which DUAL_EC_DRBG was presented (specifically, in SP800-90A): http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev.%201,%20B,%20and%20C

Interestingly, review of this document was reopened for public comment a few days ago "in light of recent reports."

Looks like the version that nytimes links to can be found here.

It hasn't been confirmed that Dual EC DRBG is used for anything important in practice, AFAIK. See http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg.


On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones <rich@openwatch.net> wrote:
NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever. Does anybody have a copy?

From http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1&

But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.

R



--
Yan Zhu
http://web.mit.edu/zyan/www/



--
Rich Jones
OpenWatch