NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy? From http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1& But internal memos leaked by a former N.S.A. contractor, Edward Snowden,
suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard<http://web.archive.org/web/20060930163233/http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90_DRBG-June2006-final.pdf>— which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.
R
This is the most recent revision of the document in which DUAL_EC_DRBG was presented (specifically, in SP800-90A): http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev.%201,%20... Interestingly, review of this document was reopened for public comment a few days ago "in light of recent reports." Looks like the version that nytimes links to can be found here<https://code.google.com/p/squeak-cc-validation/source/browse/trunk/fips/SP800-90_DRBG-June2006-final.pdf?r=3> . It hasn't been confirmed that Dual EC DRBG is used for anything important in practice, AFAIK. See http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg. On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones <rich@openwatch.net> wrote:
NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?
But internal memos leaked by a former N.S.A. contractor, Edward Snowden,
suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard<http://web.archive.org/web/20060930163233/http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90_DRBG-June2006-final.pdf>— which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.
R
-- Yan Zhu http://web.mit.edu/zyan/www/
It's not the actual spec I'm interested in - it's the memo, which could detail any number of things; how they were able to pressure NIST, theoretical attacks, actual attacks, known vendors, limitations, etc. Names, basically. I want to see if there are any names. R On Wed, Sep 11, 2013 at 12:15 PM, Yan Zhu <yan@mit.edu> wrote:
This is the most recent revision of the document in which DUAL_EC_DRBG was presented (specifically, in SP800-90A): http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev.%201,%20...
Interestingly, review of this document was reopened for public comment a few days ago "in light of recent reports."
Looks like the version that nytimes links to can be found here<https://code.google.com/p/squeak-cc-validation/source/browse/trunk/fips/SP800-90_DRBG-June2006-final.pdf?r=3> .
It hasn't been confirmed that Dual EC DRBG is used for anything important in practice, AFAIK. See http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg.
On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones <rich@openwatch.net> wrote:
NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?
But internal memos leaked by a former N.S.A. contractor, Edward Snowden,
suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard<http://web.archive.org/web/20060930163233/http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90_DRBG-June2006-final.pdf>— which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.
R
-- Yan Zhu http://web.mit.edu/zyan/www/
-- ————————————— Rich Jones * OpenWatch* is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS<https://itunes.apple.com/us/app/openwatch-social-muckraking/id642680756?ls=1&mt=8>and for Android<https://play.google.com/store/apps/details?id=org.ale.openwatch&hl=en> !
It appears the tin foil crowd has been correct for years. http://www.theguardian.com/world/interactive/2013/sep/11/nsa-israel-intellig ence-memorandum-understanding-document?CMP=twt_gu http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-isr ael-documents
participants (3)
-
David D -
Rich Jones -
Yan Zhu