Did NSA Put a Secret Backdoor in New Encryption Standard?

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

View: Full Story @ Wired


20 Comments


All these flaws are broken not because of malicious intent most of the time, but because people want to see if they're good enough and set themselves the challenge of breaking it. You have to set goals if you want to achieve something. Let's go crazy and kill all encryption everywhere: if everything is easy access, no one will want to know, because there's nothing "hidden" to look for, there are no secrets, and I reckon no one will care what any government is up to, because why bother to find something hidden when it ops. I personally wouldn't.

That's my 2 bits.

This was such a lame attempt by the NSA, I suspect it was just a disinformation bid to lead us in the wrong direction.

Why can't they, like, use the microphone input on your sound card as a source of randomness instead of relying on complicated maths and hoping that nobody figures out what they are doing?

carmatic said,
Why can't they, like, use the microphone input on your sound card as a source of randomness instead of relying on complicated maths and hoping that nobody figures out what they are doing?

I recently had to generate a certificate to develop software, and part of the process involved pressing random keys and randomly moving and clicking the mouse, just to generate lots of random user input.

What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output.

Not that this sounds "special" for a random number generator. A generator in software (that doesn't base its seed on chaotic data from an external source like background radiation) is only as functional as the secrecy of its seed value. RSA and some others may be seen as different from that, because they also require you to know the input prime numbers, not just the seed itself, but those can then also be seen as being part of the seed.

So if those "keys" they're talking of are part of the seed value, I don't really see what the news is here. In that case, if the NSA pushes an algorithm, naturally this is the reaction that will happen, and they will definitely not reveal the information this article is looking for. Doing that could risk breaking the algorithm.
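The "skeleton key" in the quoted paragraph is not a seed. It is a fixed number d relating the two published curve constants, P = d·Q, and whoever knows d can turn one block of the generator's output back into its internal state and then predict everything that follows, whatever the seed was. The following Python is an added toy example written for this page (not the standard's code, the article's, or the commenter's). It assumes a tiny curve y² = x³ + x + 1 over F_23 in place of NIST P-256, publishes only the low 3 bits of each x-coordinate in place of the real 240 of 256 bits, and plays the designer's side by choosing the secret multiplier e itself so that d = e⁻¹ can be shown recovering the state.

```python
"""Toy model of the Dual_EC_DRBG 'skeleton key' described in the article.

Constructed example, not code from the article or from any standard.  The
generator uses a tiny curve over F_23 instead of NIST P-256 and publishes
only the low 3 bits of each x-coordinate instead of 240 of 256 bits, so the
attacker's candidate search is a handful of values instead of 2^16.
"""
from math import gcd

# Constructed toy curve: y^2 = x^3 + A_COEF*x + B_COEF over F_P_MOD
P_MOD = 23
A_COEF, B_COEF = 1, 1
BASE = (0, 1)           # published point P: 1^2 == 0^3 + 0 + 1 (mod 23)
INF = None              # point at infinity


def ec_add(p1, p2):
    """Affine point addition (handles doubling and the point at infinity)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def point_order(pt):
    """Smallest n with n*pt == INF (brute force; fine for this toy curve)."""
    n, acc = 1, pt
    while acc is not INF:
        acc = ec_add(acc, pt)
        n += 1
    return n


ORDER = point_order(BASE)

# --- Designer's side: Q is published, its relation to P is kept secret ------
E_SECRET = 5
while gcd(E_SECRET, ORDER) != 1:        # keep Q of the same order as P
    E_SECRET += 1
Q = ec_mul(E_SECRET, BASE)              # published constant Q = e*P
D_SKELETON = pow(E_SECRET, -1, ORDER)   # the skeleton key d: P == d*Q

OUT_BITS = 3                            # toy truncation: low 3 bits of x
MASK = (1 << OUT_BITS) - 1


def as_scalar(s):
    """Map a state value into [1, ORDER-1] (toy convenience: never hits INF)."""
    return 1 + s % (ORDER - 1)


def dual_ec_outputs(seed, count):
    """Simplified Dual_EC_DRBG: output x(s*Q) truncated, next state x(s*P)."""
    s, outs = seed, []
    for _ in range(count):
        k = as_scalar(s)
        outs.append(ec_mul(k, Q)[0] & MASK)
        s = ec_mul(k, BASE)[0]
    return outs


def lift_x(x):
    """Any curve point with this x-coordinate, or None (brute force over y).
    The sign of y is irrelevant: d*(-A) and d*A share an x-coordinate."""
    rhs = (x ** 3 + A_COEF * x + B_COEF) % P_MOD
    for y in range(P_MOD):
        if y * y % P_MOD == rhs:
            return (x, y)
    return None


def predict_next(outputs):
    """Holder of d: recover the state from outputs[0], keep only guesses that
    reproduce outputs[1:], and return every value the next output can take."""
    first, rest = outputs[0], outputs[1:]
    predictions = set()
    for high in range(((P_MOD - 1) >> OUT_BITS) + 1):
        x = (high << OUT_BITS) | first      # candidate untruncated x(s*Q)
        pt = lift_x(x) if x < P_MOD else None
        if pt is None:
            continue                        # not an x-coordinate on the curve
        nxt = ec_mul(D_SKELETON, pt)        # d*(s*Q) == s*P: the next state
        if nxt is INF:
            continue                        # wrong candidate outside <P>
        guess = dual_ec_outputs(nxt[0], len(rest) + 1)
        if guess[:len(rest)] == rest:       # consistent with what we saw
            predictions.add(guess[-1])
    return predictions


if __name__ == "__main__":
    observed = dual_ec_outputs(7, 5)        # victim's generator, seed 7
    print("observed:", observed)
    print("attacker predicts outputs[4] in", predict_next(observed[:4]))
```

The attacker never learns the seed and never needs it: one untruncated output is a point s·Q, and multiplying it by d gives s·P, whose x-coordinate is the next state. The truncation is what forces the real attack to collect a little more than one block (the article's 32 bytes) to discard the wrong candidates.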

Me personally, I just use TrueCrypt for my encryption needs and am done with it ;)

I think this is the best "software" encryption out there.

There was a story on Slashdot last week on a paper written on the flaws of Win 2000's random number generator; the paper's authors expected it was the same in XP and Vista, though the API has changed. Someone linked this article (below) that I found interesting; I figure it would interest those reading this article too.

This article uses 3D-mapped results to show strange correlations produced by the random number algorithms used by various OSes, including BSD, OS X, OS 9 and XP SP2.

http://lcamtuf.coredump.cx/newtcp/

One is so simple you can guarantee "the results are 100% predictable in 5,000 attempts".

I'd love to see plots for Vista (hopefully changed), Leopard (probably unchanged, as it's pretty good), and this new 'standard'.

It has been a long time since I saw those random number generator plots... Interesting :)

I wish they would be updated to have Vista in there too.

It's a nice way of visualizing the randomness of the generators. It looks like 2000/XP is fair, and UNIX-based operating systems (then including OS X) are often better off. And Cisco IOS was amazing there.

Of course they put a back door in... they have to... In order to market an encryption method, law enforcement needs to have a way in... I mean, seriously... If this didn't happen, virtually anyone could do anything online and get away with it: trade kiddie porn, plan terrorist attacks on the US, take down internet backbones, etc. I certainly wouldn't want that **** going on under my nose...

I hope you're kidding.

Any back door into an encryption method completely negates the usefulness of that encryption method because it will be discovered and will be exploited by those for whom it is not intended.

Lately Wired has become weird.

A random number generator depends on the seed; if they say that the seed is a constant, then the generator will always return the same values. That's the reason the seed is generated from a variable such as seconds since midnight or milliseconds.

For example:

Think of a number from 1 to 10: _____ (this number will be the seed).

The random number will be (11 - seed). So even with a simple algorithm, without knowing the seed it is "impossible" to obtain the random number.

if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances

Interesting. Then this makes that ciphering scheme totally useless. Time to move on to something else.

Nice job NOT reading the article.

The NSA developed a recommended random number generator.

The rest of the world can use whatever they want.