Thursday, September 26, 2013

NIST: Drop Use Of Our (NSA-Influenced) Encryption Standard

Jeff Larson and Justin Elliott of ProPublica:
Following revelations about the NSA’s covert influence on computer security standards, the National Institute of Standards and Technology, or NIST, announced earlier this week it is revisiting some of its encryption standards.

But in a little-noticed footnote, NIST went a step further, saying it is “strongly” recommending against even using one of the standards. The institute sets standards for everything from the time to weights to computer security that are used by the government and widely adopted by industry.

As ProPublica, the New York Times, and the Guardian reported last week, documents provided by Edward Snowden suggest that the NSA has heavily influenced the standard, which has been used around the world.

Everything you thought was secret...


  1. Man, I really wish I were still teaching crypto...

  2. One little-known fact is that the random number generator in the latest Intel microprocessors is related to one of the standards that NIST says not to use. Which makes Theodore Ts'o chortle, because Intel (and Red Hat) tried to force the Linux random number generator to just call that Intel instruction (if available) to provide random numbers -- and Ted was smart enough to refuse to do so. Now we know it's at least potentially compromised. Yay!

    Note: It's impossible to validate a random number generator. If you set a counter going 0 1 2 3 4 5 ... up to 128 bits, and encrypted the output of that counter with a known key via the AES algorithm, it would look exactly like the output of a random number generator -- one of the ways you validate an encryption algorithm is by validating that its output when encrypting a known text is statistically indistinguishable from a random sequence, otherwise you are leaking information -- but it would not at all be random because the output sequence would be completely known to an attacker. You can validate that it generates a different sequence of numbers each time you call it, but you can't validate that it's not generating a *known* different sequence of numbers. Not unless you have more time than the universe has existed to output every single possible sequence that the generator produces.
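The counter-plus-AES thought experiment in the comment above, as an added example (not code from the post or its commenters). It encrypts the counter 0, 1, 2, ... with AES-128 under a fixed key (Go's standard-library CTR mode with an all-zero IV and an all-zero plaintext, which yields the raw encrypted counter blocks), runs the NIST SP 800-22 frequency (monobit) test on the output, and then shows that anyone holding the key computes any output block directly from its position. The key value and the block index checked are arbitrary choices made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"math"
	"math/bits"
)

// Arbitrary example key; the scenario assumes the attacker already has it.
var knownKey = []byte("0123456789abcdef") // 16 bytes -> AES-128

// counterStream returns n bytes of "random-looking" output: block i of the
// result is AES_key(i), where i is the 128-bit big-endian counter 0, 1, 2, ...
// (Go's CTR mode increments the IV as one big-endian integer.)
func counterStream(key []byte, n int) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := make([]byte, aes.BlockSize)               // counter starts at zero
	out := make([]byte, n)                          // all-zero plaintext ...
	cipher.NewCTR(block, iv).XORKeyStream(out, out) // ... so out is the raw keystream
	return out
}

// predictBlock is the attacker's view: knowing the key and the position,
// compute the 16 output bytes at block index idx without seeing any output.
func predictBlock(key []byte, idx uint64) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ctr := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(ctr[8:], idx) // low 64 bits of the 128-bit counter
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, ctr)
	return out
}

// monobitPValue is the frequency (monobit) test of NIST SP 800-22:
// s_obs = |#ones - #zeros| / sqrt(n bits), p = erfc(s_obs / sqrt(2)).
func monobitPValue(data []byte) float64 {
	ones := 0
	for _, b := range data {
		ones += bits.OnesCount8(b)
	}
	nbits := 8 * len(data)
	s := math.Abs(float64(2*ones-nbits)) / math.Sqrt(float64(nbits))
	return math.Erfc(s / math.Sqrt2)
}

// looksRandom applies the SP 800-22 decision rule (reject only if p < 0.01).
func looksRandom(data []byte) bool {
	return monobitPValue(data) >= 0.01
}

func main() {
	const n = 1 << 16 // 64 KiB of output
	stream := counterStream(knownKey, n)
	fmt.Printf("monobit p-value %.4f, looks random: %v\n",
		monobitPValue(stream), looksRandom(stream))

	// Same statistical verdict as a true RNG, yet every byte is known in advance
	// to whoever holds the key: pick a position and predict it cold.
	idx := uint64(1234)
	guess := predictBlock(knownKey, idx)
	actual := stream[idx*16 : idx*16+16]
	fmt.Printf("attacker predicts block %d: %x\n", idx, guess)
	fmt.Printf("generator produced:         %x\n", actual)
	fmt.Println("prediction correct:", bytes.Equal(guess, actual))
}
```

The statistical test only sees the output distribution, so it cannot distinguish this stream from hardware noise; what makes it unusable as a secret RNG is entirely the fact that the key (and therefore the whole sequence) is known to someone else, which is exactly the property no black-box test can observe.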




No Police Like H•lmes