Wednesday, September 11, 2013


Government Announces Steps to Restore Confidence on Encryption Standards


The National Institute of Standards and Technology (NIST) is an agency of the U.S. Department of Commerce.

SAN FRANCISCO — The federal agency charged with recommending cybersecurity standards said Tuesday that it would reopen the public vetting process for an encryption standard, after reports that the National Security Agency had written the standard and could break it.
“We want to assure the I.T. cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” the National Institute of Standards and Technology said in a public statement. “N.I.S.T. would not deliberately weaken a cryptographic standard.”
The announcement followed reports published by The New York Times, The Guardian and ProPublica last Thursday about the N.S.A.’s success in foiling much of the encryption that protects vast amounts of information on the Web. 
The Times reported that as part of its efforts, the N.S.A. had inserted a back door into a 2006 standard adopted by N.I.S.T. and later by the International Organization for Standardization, which counts 163 countries as members.
For encryption to be secure, the system must generate secret prime numbers randomly. That random number generation process — which is based on mathematical algorithms — makes it practically impossible for an attacker, or intelligence agency, to predict the scrambling protocols that would allow it to unscramble an encrypted message.
But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.
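To make concrete what a “back door” in a random number generator means, here is an added toy model; it is not code from the article, from N.I.S.T. or from the standard. It keeps the two-constant structure of Dual EC (the state advances through one public constant, each output is derived from a second one) but uses exponentiation in a small multiplicative group modulo a prime instead of elliptic-curve points and skips Dual EC's output truncation; all numeric values are constructed. The last function shows the usual mitigation: deriving constants from a public label so that nobody can know the relation the trapdoor needs.

```python
import hashlib

# Constructed toy parameters: far too small for real use, chosen so the algebra is visible.
PRIME = 2**61 - 1        # modulus of the toy multiplicative group
Q_CONST = 3              # public constant that outputs are derived from


def designer_constants(secret_e):
    """Designer publishes (P, Q) with P = Q^e mod PRIME and never reveals e."""
    return pow(Q_CONST, secret_e, PRIME), Q_CONST


def generate(state, p_const, q_const, n):
    """Run n steps of the toy generator; returns (final_state, outputs).

    Dual EC shape: the state advances through P, each output comes from Q.
    """
    outputs = []
    for _ in range(n):
        state = pow(p_const, state, PRIME)            # s_{i+1} = P^{s_i}
        outputs.append(pow(q_const, state, PRIME))    # r_i = Q^{s_{i+1}}
    return state, outputs


def recover_state(output, secret_e):
    """Trapdoor: r^e = Q^(e*s) = P^s, which is exactly the generator's next state."""
    return pow(output, secret_e, PRIME)


def predict_next(output, secret_e, p_const, q_const, n):
    """From one public output r_i, reproduce the next n outputs (r_{i+1}, ...)."""
    state = recover_state(output, secret_e)           # this is s_{i+2}
    predicted = [pow(q_const, state, PRIME)]          # r_{i+1} = Q^{s_{i+2}}
    _, more = generate(state, p_const, q_const, n - 1)
    return predicted + more


def nothing_up_my_sleeve(label):
    """Mitigation: derive a constant from a public label, so nobody can know its
    discrete log with respect to the other constant (the relation the trapdoor needs)."""
    digest = int.from_bytes(hashlib.sha256(label).digest(), "big")
    return digest % (PRIME - 2) + 2                   # value in [2, PRIME-1]


if __name__ == "__main__":
    e = 123456789                                     # constructed designer secret
    P, Q = designer_constants(e)
    _, outs = generate(987654321, P, Q, 4)            # constructed seed
    print(predict_next(outs[0], e, P, Q, 3) == outs[1:])   # True: outputs are predictable
```

Anyone without e sees outputs that look random; the holder of e turns a single observed output into every later one, which is why the provenance of a standard's constants, not only its design, has to be reviewable.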
Internal N.S.A. memos describe how the agency subsequently worked behind the scenes to push the same standard on the International Organization for Standardization. “The road to developing this standard was smooth once the journey began,” one memo noted. “However, beginning the journey was a challenge in finesse.”
At the time, Canada’s Communications Security Establishment ran the standards process for the international organization, but classified documents describe how ultimately the N.S.A. seized control. “After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft,” the memo notes. “Eventually, N.S.A. became the sole editor.”
Cryptographers have long had mixed feelings about N.I.S.T.’s close relationship with the N.S.A., but many said last week’s revelations had confirmed their worst fears and eroded their confidence in N.I.S.T. standards entirely.
“We’ll have to re-evaluate that relationship,” Matthew D. Green, a cryptography researcher at Johns Hopkins University, wrote in a blog post Thursday. “Trust has been violated.”
(Mr. Green said on Twitter Monday that Johns Hopkins asked him to remove that blog post. He was allowed to reinstate it hours later after the university realized the content was based on public news reports. The university later apologized.)
On Tuesday, N.I.S.T. attributed the allegations to confusion and noted that it was required, by statute, to consult with the N.S.A.
“There has been some confusion about the standards development process and the role of different organizations in it,” the agency’s statement read. “N.I.S.T. has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (N.S.A.) participates in the N.I.S.T. cryptography process because of its recognized expertise. N.I.S.T. is also required by statute to consult with the N.S.A.”
The agency said that because of cryptographers’ concerns, it would reopen the public comment period for three publications — Special Publication 800-90A and drafts of Special Publications 800-90B and 800-90C — which all use the random number generator in question.
“If vulnerabilities are found in these or any other N.I.S.T. standard, we will work with the cryptographic community to address them as quickly as possible,” the agency’s statement said.
“I know from firsthand communications that a number of people at N.I.S.T. feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an interview Tuesday. “Reopening the standard is the first step in fixing that betrayal and restoring confidence in N.I.S.T.”