« Half delete email without reading | Main | Microsoft hires former Sun, IBM executive to lead sales (InfoWorld) »
Backdoor suspected in encryption standard
By admin | November 20, 2007
Backdoor suspected in encryption standard
In his column for Wired magazine, cryptography guru Bruce Schneier has pointed out a potential backdoor in a new U.S. standard for random number generators. One of the four random number generators published by the National Institute for Standards and Technology (NIST) in its "Special Publication 800-90" (PDF file) – Dual_EC_DRBG – differs noticeably from the rest.
At the Crypto 2007 conference, Nils Ferguson and Dan Shumow described a generator vulnerability (PDF file) which, according to Schneier, should be classified as a potential "backdoor": The algorithm used in Dual_EC_DRBG is based on elliptic curves described by a series of constants. Although these constants are listed in the appendix to the NIST document, there is no description of their origin.
Heise Security, November 20, 2007 22:42 GMT+01
Topics: Software |