Sign In

Communications of the ACM

ACM TechNews

Nsa Encryption Backdoor Proof of Concept Published

View as: Print Mobile App Share:
Artist's representation of coding.

A published proof-of-concept code demonstrates a way to exploit a security flaw in the Dual Elliptic Curve Deterministic Random Bit Generator, which allegedly was compromised by the U.S. National Security Agency.

Credit: Tweaktown

Security freelancer Aris Adamatiadis has published a proof-of-concept code for exploiting a security flaw in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), the random number generator allegedly compromised by the U.S. National Security Agency (NSA) so it could gain access to a particular security product.

Adamantiadis' proof-of-concept generates values for Dual_EC_DRBG's P and Q parameters—which were set by NSA when it developed the algorithm and are not randomly generated—to show that knowing the mathematical relationship between these parameters makes it possible to predict Dual_EC_DRBG's next output.

The publication of the proof-of-concept comes after RSA was accused of having an agreement with NSA to use Dual_EC_DRBG as the default pseudo-random number generator in its BSafe product in order to provide the NSA with a backdoor. RSA has denied those charges.

The use of Dual_EC_DRBG is no longer recommended by the U.S. National Institute of Standards and Technology, and in September, the agency reissued Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, and reopened the discussions around its special papers for the Entropy Sources Used for Random Bit Generation and Recommendation for Random Bit Generator Constructions.

From ZDNet
View Full Article


Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA


No entries found