NIST Refutes Allegations NSA Compromised Crypto Standards

UPDATE–The revelations last week in leaked NSA documents that the intelligence agency had influenced the standards process at NIST to allegedly deliberately weaken unnamed cryptographic algorithms have spurred a huge amount of speculation and discussion in the security community about the implications and consequences of the NSA’s actions. For its part, NIST is seeking to reassure people that its standards process hasn’t been compromised.

In a statement released Sept. 10, NIST (National Institute for Standards and Technology) said that its standards are always rigorously vetted by outside experts and that the agency would never intentionally backdoor an algorithm.

“We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” the statement says.

“NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.”

As a result of the questions about NIST’s relationship with NSA, NIST has re-opened the comment period on several of its cryptographic standards related to elliptic curves. The agency is accepting comments on 800-90 A Rev. 1, 800-90 B and 800-90 C. These standards are related to random number generation.

NIST is the federal agency responsible for developing technology standards and best practices for the federal government. The organization focuses on a number of different areas, with one of its main concerns being cryptography and computer security. NIST sponsors competitions periodically for new hash and cryptographic algorithms, and just last year selected a new algorithm called Keccak to become the standard hash algorithm. A few years ago, the agency held a competition to replace DES, then the accepted encryption standard, with an algorithm called Rijndael winning and becoming the AES standard.

The documents leaked last week included a briefing sheet for British intelligence that details some of the work that the NSA has been doing for several years on defeating encryption. Those efforts include advances against the algorithms themselves, as well as subverting the protocols by asking vendors to insert backdoors into the hardware or software that implements the encryption. The document says the NSA has “abilities to defeat the encryption used in network communication technologies.”

A portion of the NSA’s secret budget, obtained by the New York Times, reveals that the NSA works to “influence policies, standards and specifications for commercial public key technologies”.

NIST regularly consults with the NSA on cryptographic matters, and is in fact required to do so by law. The NIST statement said that consultation is above board.

“NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA,” the statement says.

Despite the agency’s reassurances, security experts and cryptographers say that the revelations about the NSA’s influence on the NIST process may have caused major damage to NIST’s reputation.

“I think NIST took a big credibility hit, unfortunately. And there are good people there doing good work, but we don’t know which of their standards are tainted,” Bruce Schneier, a cryptographer who has seen some of the leaked documents regarding the NSA’s capabilities, said in a podcast interview Wednesday. “And unfortunately, because trust is lost, when they get up and say, the NSA doesn’t affect our standards, we don’t believe them. We need a way to get trust back.”

Image from Flickr photos of Dan4th Nicholas.


Suggested articles

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.