NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers.
The Dual_EC random number generator was at the center of a controversy in the security community two years ago after revelations that the National Security Agency had exerted its influence on the development of the algorithm and intentionally weakened it to allow the agency to access communications protected by products that use Dual_EC. The random number generator later was included in the RSA BSAFE crypto library as the default algorithm. The BSAFE library is used in a long list of encryption products.
After information about the weakness of Dual_EC became public, NIST, which sets technology standards for the federal government, warned against the use of the RNG, as did RSA Security a few weeks later.
NIST in April 2014 published a draft version of its updated recommendations about which RNGs should be used, and Dual_EC was not in the document. Now, the final version of the document is out, and the weak RNG is officially off the NIST list of recommended algorithms.
“One of the most significant changes to the document is the removal of the Dual_EC_DRBG algorithm, often referred to conversationally as the ‘Dual Elliptic Curve random number generator.’ This algorithm has spawned controversy because of concerns that it might contain a weakness that attackers could exploit to predict the outcome of random number generation,” NIST officials said in a release accompanying the publication of the new document.
The NIST document, “Recommendation for Random Number Generation Using Deterministic Random Bit Generators”, includes detailed technical explanations of how RNGs work and what properties sound algorithms should have.
Image from Flickr photos of eye/see.