Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - Panel Finds NIST Relied Too Much on NSA in Dual EC Debacle

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "A group of outside experts found that the process that led to the inclusion of the weakened Dual EC_DRBG random number generator in a NIST standard was flawed and there were several failures along the way that led to its approval. The committee also recommended that the National Institute of Standards and Technology increase the number of cryptographers it employs and also that it take steps to clarify and define its relationship with the NSA.

The report from the Visiting Committee on Advanced Technology’s Committee of Visitors, released Monday, found that NIST was overly reliant on the input and expertise of NSA cryptographers and that the organization should have paid more attention to outside criticisms of the algorithm.

“The reconstruction of events showed that the issues with the DRBG had been identified several times – formally and informally – during the standards development process, and that they had been discussed and addressed at the time. NIST now concludes, however, that the steps taken to address the issues were less effective than they should have been, and that the team failed to take actions that, in the light of hindsight, clearly should have been taken. The root causes of the failure were identified as trust in the technical expertise provided by NSA, excessive reliance on an insular community that was somewhat impervious to external feedback, group dynamics within the standards development team, and informal recordkeeping over the course of a multi- year development process,” Ellen Richey, one of the committee members and executive vice president and chief enterprise risk officer at Visa, wrote in her recommendations in the report."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Panel Finds NIST Relied Too Much on NSA in Dual EC Debacle

Comments Filter:

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...