NIST removes cryptography algorithm from random number generator recommendations

Apr 22, 2014 by Jennifer Huergo

Following a public comment period and review, the National Institute of Standards and Technology (NIST) has removed a cryptographic algorithm from its draft guidance on random number generators. Before implementing the change, NIST is requesting final public comments on the revised document, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (NIST Special Publication 800-90A, Rev. 1).

The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data. It omits an algorithm known as Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible.

In September 2013, news reports prompted public concern about the trustworthiness of Dual_EC_DRBG. As a result, NIST immediately recommended against the use of the algorithm and reissued SP 800-90A for public comment.

Some commenters expressed concerns that the algorithm contains a weakness that would allow attackers to figure out the secret cryptographic keys and defeat the protections provided by those keys. Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG from the Rev. 1 document.

The revised SP 800-90A is available at csrc.nist.gov/news_events/index.html#apr21 along with instructions for submitting comments. The public comment period closes on May 23, 2014. NIST will take those comments into consideration in making any revisions to SP 800-90A.

NIST recommends that vendors currently using Dual_EC_DRBG who want to remain in compliance with federal guidance, and who have not yet made the previously recommended changes to their cryptographic modules, should select an alternative algorithm and not wait for further revision of the Rev. 1 document.

NIST advises federal agencies and other buyers of cryptographic products to ask vendors if their cryptographic modules rely on Dual_EC_DRBG, and if so, to ask their vendors to reconfigure those products to use alternative algorithms.

A list of cryptographic modules that include Dual_EC_DRBG can be found at http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html. Most of these modules implement more than one random number generator. In some cases, the Dual_EC_DRBG algorithm may be listed as included in a product, but another approved algorithm may be used by default. If a product uses Dual_EC_DRBG as the default generator, it may be possible to reconfigure the product to use a different default .

Draft versions of related guidance, 800-90 B: Recommendation for the Entropy Sources Used for Random Bit Generation and 800-90 C: Recommendation for Random Bit Generator (RBG) Constructions, were also released for comment in September 2013 and are still under development.

The concerns raised over the development of SP 800-90 and the inclusion of Dual_EC_DRBG prompted NIST to review its cryptographic standards development process. In February 2014, NIST released NIST IR7977: DRAFT NIST Cryptographic Standards and Guidelines Development Process for public comment. The public comment period on NIST IR 7977 closed on April 18, 2014.

NIST's primary federal advisory committee, the Visiting Committee on Advanced Technology, has also been asked to review NIST's cryptographic standards process, and the committee plans to produce a public report of its findings and recommendations.

Explore further: Japan orders air bag maker to conduct probe

add to favorites email to friend print save as pdf

Related Stories

NIST proposes update to digital signature standard

Apr 18, 2012

The National Institute of Standards and Technology (NIST) has announced proposed changes to a standard that specifies how to implement digital signatures, which can be used to ensure the integrity of electronic documents, ...

Build safety into the very beginning of the computer system

Apr 29, 2011

A new publication from the National Institute of Standards and Technology (NIST) provides guidelines to secure the earliest stages of the computer boot process. Commonly known as the Basic Input/Output System (BIOS), this ...

Recommended for you

Namibia prepares for Africa's first e-vote

10 hours ago

Namibia will vote in Africa's first electronic ballot Friday, a general election that will usher in a new president and quotas to put more women in government.

GoGlove wearable aims to control life's soundtracks

12 hours ago

Technology creatives are seeing the key attraction in wearables as being in solutions that save the user from fumbling around with the phone to make app adjustments or changes, or from repeatedly taking it ...

Amazon cuts Fire phone price to ignite sales

13 hours ago

Amazon on Wednesday slashed the price of Fire mobile phones that stalled after launch early this year, becoming a drag on the US online retail titan's bottom line.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.