NIST drops NSA-backed algorithm from encryption recommendations

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

“Following a public comment period and review, the National Institute of Standards and Technology (NIST) has removed a cryptographic algorithm from its draft guidance on random number generators,” the organization has announced.

The cryptographic algorithm in question is the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), the trustworthiness of which was put into question by last year’s revelation that the NSA has influenced the NIST and the International Organization for Standardization to adopt it as part of an encryption standard. The Dual_EC_DRBG, it was revealed, had a weakness known at the time only to the intelligence agency.

NIST has reacted to this by reopening the public comment period for the standard that included the algorithm and the drafts of several others, saying that if vulnerabilities are found in these or any other NIST standards, they will work with the cryptographic community to address them as quickly as possible.

While is yet to definitely and permanently implement the change in the final version of the document (Recommendation for Random Number Generation Using Deterministic Random Bit Generators), they have already decided to remove the algorithm based on their own evaluation, but also on the loss of trust by the public.

“NIST recommends that vendors currently using Dual_EC_DRBG who want to remain in compliance with federal guidance, and who have not yet made the previously recommended changes to their cryptographic modules, should select an alternative algorithm and not wait for further revision of the Rev. 1 document,” they concluded, adding that federal agencies should make sure to ask vendors if their cryptographic modules rely on Dual_EC_DRBG, and to ask them reconfigure those products to use alternative algorithms if they do.

Alternative random number generators that will continue to be backed by NIST are Hash_DRBG, HMAC_DRBG, and CTR_DRBG.

The institute has also provided a helpful list of cryptographic modules and details about the random number generator(s) they use.