
Panel Finds NIST Relied Too Much on NSA in Dual EC Debacle

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "A group of outside experts found that the process that led to the inclusion of the weakened Dual EC_DRBG random number generator in a NIST standard was flawed and there were several failures along the way that led to its approval. The committee also recommended that the National Institute of Standards and Technology increase the number of cryptographers it employs and also that it take steps to clarify and define its relationship with the NSA.

The report from the Visiting Committee on Advanced Technology’s Committee of Visitors, released Monday, found that NIST was overly reliant on the input and expertise of NSA cryptographers and that the organization should have paid more attention to outside criticisms of the algorithm.

“The reconstruction of events showed that the issues with the DRBG had been identified several times – formally and informally – during the standards development process, and that they had been discussed and addressed at the time. NIST now concludes, however, that the steps taken to address the issues were less effective than they should have been, and that the team failed to take actions that, in the light of hindsight, clearly should have been taken. The root causes of the failure were identified as trust in the technical expertise provided by NSA, excessive reliance on an insular community that was somewhat impervious to external feedback, group dynamics within the standards development team, and informal recordkeeping over the course of a multi-year development process,” Ellen Richey, one of the committee members and executive vice president and chief enterprise risk officer at Visa, wrote in her recommendations in the report."