This is the most recent revision of the document in which DUAL_EC_DRBG was presented (specifically, in SP800-90A): http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev.%201,%20B,%20and%20C

Interestingly, review of this document was reopened for public comment a few days ago "in light of recent reports."

Looks like the version that nytimes links to can be found here.

It hasn't been confirmed that Dual EC DRBG is used for anything important in practice, AFAIK. See http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg.


On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones <rich@openwatch.net> wrote:
NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?

From http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1&

But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.

R



--
Yan Zhu
http://web.mit.edu/zyan/www/