Dual_EC_DRBG Cryptography Algorithm Removed from NIST’s Random Number Generator Recommendation
The National Institute of Standards and Technology’s (NIST) has removed the Dual_EC_DRBG cryptography algorithm from the Random Number Generator Recommendation due to concerns about a weakness, the institute announced.
The Dual_EC_DRBG algorithm, first made public in 2004 and used since in the controversial RSA BSAFE cryptographic library, may be vulnerable to deciphering, NIST said.
“Some commenters expressed concerns that the algorithm contains a weakness that would allow attackers to figure out the secret cryptographic keys and defeat the protections provided by those keys,” NIST said. “Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG from the Rev. 1 document.”
NIST published a list of cryptographic modules that use more than one algorithm where, in some cases, another algorithm can be used by default even if the Dual_EC_DRBG is included in the product.
“If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm,” NIST said.
Now NIST advises users of Dual_EC_DRBG to migrate as soon as possible to one of the other three remaining random number generator algorithms, including Hash_DRBG, HMAC_DRBG or CTR_DRBG.
Also vendors who use Dual_EC_DRBG and want to comply with federal guidance are recommended to move on to an alternative algorithm.
This decision was taken after documents leaked by former intelligence contractor Edward Snowden revealed a backdoor placed by the NSA in the RSA’s BSAFE Dual_EC_DRBG algorithm.
The backdoor is not the only one. This month, researchers found another in RSA’s BSAFE library dubbed “Extended Number.”