Dual EC DRBG Memo

Yan Zhu yan at mit.edu
Wed Sep 11 12:15:12 PDT 2013


This is the most recent revision of the document in which DUAL_EC_DRBG was
presented (specifically, in SP800-90A):
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A%20Rev.%201,%20B,%20and%20C

Interestingly, review of this document was reopened for public comment a
few days ago "in light of recent reports."

Looks like the version that nytimes links to can be found
here<https://code.google.com/p/squeak-cc-validation/source/browse/trunk/fips/SP800-90_DRBG-June2006-final.pdf?r=3>
.

It hasn't been confirmed that Dual EC DRBG is used for anything important
in practice, AFAIK. See
http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg.


On Wed, Sep 11, 2013 at 11:34 AM, Rich Jones <rich at openwatch.net> wrote:

> NYT confirming suspected Dual EC DRBG backdoor, citing leaked memo, but
> didn't include the PDF/PPT/mbox/nfo/whatever.. Does anybody have a copy?
>
> From
> http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?src=twrhp&_r=1&
>
> But internal memos leaked by a former N.S.A. contractor, Edward Snowden,
>> suggest that the N.S.A. generated one of the random number generators used
>> in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard<http://web.archive.org/web/20060930163233/http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90_DRBG-June2006-final.pdf>— which contains a back door for the N.S.A. In publishing the standard,
>> N.I.S.T. acknowledged “contributions” from N.S.A., but not primary
>> authorship.
>>
>
> R
>



-- 
Yan Zhu
http://web.mit.edu/zyan/www/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2743 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20130911/40ed6808/attachment-0001.txt>


More information about the cypherpunks mailing list