Is There an NSA Back Door in Encryption Algorithms?
November 26, 2007 Timothy Prickett Morgan
In general, security is not a beat we cover very deeply at IT Jungle. The enterprise-class platforms we cover are all designed with many different kinds of security, and we let experts worry about the very hairy details that go into securing platforms, much as end users themselves do when they trust encryption, antivirus, firewall, and other kinds of code. But what happens when the encryption code behind these products is flawed.
A recent story in Wired magazine had a title that jumped out like a criminal wielding a gun: Did NSA Put a Secret Backdoor in New Encryption Standard? It wouldn’t surprise many of us if the dominant governments of the world did such a thing, of course. Author Bruce Schneier, a researcher in cryptography, says that the random number generators inside of Windows and Linux have been flawed, and a decade ago, so was the algorithm used in SSL encryption because of a defect in a random number generator. Flaws are bad. But there is apparently a sneaking suspicion among security experts that a new encryption algorithm proposed by the U.S. Commerce Department’s National Institute of Standards and Technology, called SP 800-90, and promoted by the U.S. National Security Agency might have a skeleton key.
Without getting too deep into it, the idea is that if you know a secret string of numbers, you can predict the output of the Dual_EC_DRBG random number generator behind the SP 800-90 algorithm; and if you can predict the results of a random number generator, then it ain’t random at all, now is it? Dan Shumow and Niels Ferguson of Microsoft have put together a nice presentation talking about the possibility of a back door in the SP 800-90 when using the Dual_EC_DRBG random number generator, which you can read here. You need to know a lot of math to make sense of this, but you get the larger point they are making.
The question everyone wants to know now is this: Who has the constants behind the algorithm? (The Microsoft researchers do not know them, and it is probably impossible to derive them from the algorithm.) Moreover, why would anyone try to slip this one by? Personally, I smell a misdirection tactic, and if I was a security expert, I would be combing over the remaining random number generators for similar, how shall I put this, features.
The good news is that the SP 800-90 standard includes other random number generators. When you are buying security products, check to see if they are using SP 800-90 encryption and make sure it is not using the Dual_EC_DRBG random number generator.