[LACNIC/Seguridad] US acts to restore faith in encryption standard after NSA backdoor revelation

Fernando Gont fernando at gont.com.ar
Wed Sep 11 13:48:08 BRT 2013

FYI. Source:

(For followers of Argentine football trivia, this may bring to mind
a famous phrase of Diego "gambetita" Latorre :-) )

---- cut here ----
US acts to restore faith in encryption standard after NSA backdoor

The US is to take steps to restore faith in a widely used encryption
standard after documents released by whistleblower Edward Snowden
indicated it contains a backdoor.

According to reports by the Guardian, the New York Times (NYT) and
ProPublica, the US National Security Agency (NSA) can bypass encryption
that protects much of the data on the web.

The report said the NSA inserted a back door into a 2006 release of the
encryption standard adopted by the US National Institute of Standards
and Technology (Nist).

The standard was later adopted by the International Organisation for
Standardisation (ISO), which has 163 member countries.

Following the revelation, Nist has announced it will re-open the public
vetting process for the encryption standard, according to the New York

“We want to assure the IT cyber security community that the transparent,
public process used to rigorously vet our standards is still in place,”
Nist said in a statement.

The US federal agency said it would not deliberately weaken a
cryptographic standard.

Adding further detail to initial reports, the NYT has revealed exactly
how the NSA was able to compromise the encryption standard.

Internal memos leaked by Snowden suggest the NSA was responsible for one
of the random number generators used in the 2006 Dual EC DRBG Nist standard.

As author of the random number generator, the NSA was able to predict
the scrambling protocols, enabling it to access encrypted data.

The leaked memos also indicate that NSA worked behind the scenes to push
the same standard into the ISO and to become the sole editor of the

The NYT said cryptographers have long had mixed feelings about Nist’s
close relationship with the NSA, but many said last week’s revelations
had confirmed their worst fears and eroded their confidence in Nist

Nist said that because of cryptographers’ concerns, it would reopen the
public comment period for three standards that use the random number
generator in question.

“If vulnerabilities are found in these or any other Nist standard, we
will work with the cryptographic community to address them as quickly as
possible,” the agency said.
---- cut here ----

Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
