Fujitsu
Jun 30 2015

NIST Drops Contested Encryption Algorithm

Two years after the Snowden leaks, U.S. authorities are taking technical steps to regain at least some of the trust that was lost as a result of NSA attempts to compromise a certain encryption method.

Trust plays a key role in every single effort to establish IT security. If people or organizations have reason to doubt the methods applied or fear that they won't work as expected, that's usually the death knell for any given protection mechanism and the related products, regardless of whether we're talking about mobile banking apps, firewalls, network and data transfer protocols or, as in this case, encryption programs. The U.S. National Institute of Standards and Technology (NIST) learned that the hard way: Following the revelation that the NSA-developed Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm it had once endorsed most likely contains a backdoor for the rampant spy agency, a massive debate arose that threatened to marginalize NIST-approved cryptographic methods and standards altogether. Consequently, the institute rushed to the rescue – first by warning implementers against the use of Dual_EC_DRBG as early as September 2013, and then by reopening the review process for the number generator.

The result of this review is now out, and it's no compliment for either the NSA's developers or the NIST team that accepted the algorithm: Revision 1 of the NIST Special Publication (SP) 800-90A, entitled Recommendation for Random Number Generation Using Deterministic Random Bit Generators, flat out "removes" Dual_EC_DRBG from the roster of supported algorithms – an act that many will interpret as a kind of retroactive admission that something did indeed go wrong when it was first approved and standardized in spring 2007. In particular, NIST practically ignored massive criticisms of the weaknesses and insecurities ingrained in the algorithm that were published between the first draft release of NIST SP 800-90A and its issuing of the finalized version. Given this context, the abolition of Dual_EC_DRBG is in fact significant, all the more so because the revised document does not withdraw its hash- and block-cipher-based cousins Hash_DRBG, HMAC_DRBG and CTR_DRBG. Trust, however, is still a transient asset – and it's entirely up to the users whether or not they believe these algorithms are secure – or at least secure enough for the time being.

For the full take on how Dual_EC_DRBG passed the review process, check out the related blog entries from renowned crypto experts Bruce Schneier (dated 11-15-07) and Matthew Green (dated 09-18-13).

 