Tuesday, July 15, 2014

Even the Government Doesn't Trust the Government

The Visiting Committee on Advanced Technology, an independent body established by NIST last year to review the agency’s cryptographic standards development process, suggests the National Institute of Standards and Technology (NIST) hire more cryptographers and lessen its reliance on the National Security Agency (NSA) for approving cryptographic algorithms.

NIST is the standards-setting body of the U.S. government. NSA is a signals intelligence gathering agency, part of the U.S. government's intelligence community.

NSA contractor Edward Snowden leaked information showing NIST approved a random number generator (Dual EC_DRBG) that had been deliberately weakened by NSA. Because it did not have enough cryptography experts on staff, NIST was overly-reliant on NSA for expert advice on the standard and failed to notice problems even as private sector researchers were raising concerns.

No comments:

Post a Comment