NSA 'altered random-number generator'

Related Stories

US intelligence agency the NSA subverted a standards process to be able to break encryption more easily, according to leaked documents.

It had written a flaw into a random-number generator that would allow the agency to predict the outcome of the algorithm, the New York Times reported.

The agency had used its influence at a standards body to insert the backdoor, said the report.

The NSA had made no comment at the time of writing.

According to the report, based on a memo leaked by former NSA contactor Edward Snowden, the agency had gained sole control of the authorship of the Dual_EC_DRBG algorithm and pushed for its adoption by the National Institute of Standards and Technology (Nist) into a 2006 US government standard.

The NSA had wanted to be able to predict numbers generated by certain implementations of the algorithm, to crack technologies using the specification, said the report.

Nist standards are developed to secure US government systems and used globally.

The standards body said that its processes were open, and that it "would not deliberately weaken a cryptographic standard".

"Recent news reports have questioned the cryptographic standards development process at Nist," the body said in a statement.

"We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place."

Impact

It was unclear which software and hardware had been weakened by including the algorithm, according to software developers and cryptographers.

For example, Microsoft had used the algorithm in software from Vista onwards, but had not enabled it by default, users on the Cryptography Stack Exchange pointed out.

The algorithm has been included in the code libraries and software of major vendors and industry bodies, including Microsoft, Cisco Systems, RSA, Juniper, RIM for Blackberry, OpenSSL, McAfee, Samsung, Symantec, and Thales, according to Nist documentation.

Whether the software of these organisations was secure depended on how the algorithm had been used, Cambridge University cryptographic expert Richard Clayton told the BBC.

"There's no easy way of saying who's using [the algorithm], and how," said Mr Clayton.

Moreover, the algorithm had been shown to be insecure in 2007 by Microsoft cryptographers Niels Ferguson and Dan Shumow, added Mr Clayton.

"Because the vulnerability was found some time ago, I'm not sure if anybody is using it," he said.

A more profound problem was the possible erosion of trust in Nist for the development of future standards, Mr Clayton added.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Getty Images)

How movie dinosaurs lied to us

What’s wrong with cinema’s monster lizards Read more...

Programmes

  • Traffic lightsClick Watch

    From hacking cars to traffic lights - behind the scenes at a cyber-security conference

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.