Communications of the ACM
Nsa's Reported Tampering Could Change How Crypto Standards Are Made
Credit: ./RooTME
The U.S. National Institute of Standards and Technology (NIST) is formally reviewing its cryptographic standards development processes to address a loss of public confidence following reports that the U.S. National Security Agency (NSA) weakened NIST standards. A random number generator included in NIST recommendations for developing cryptographic keys is vulnerable to attacks that can uncover the cryptographic keys, according to documents released by former NSA contractor Edward Snowden.
"Our mission is to protect the nation's IT infrastructure and information through strong cryptography," says an NIST statement announcing the review. "We cannot carry out that mission without the trust and assistance of the world's cryptographic experts."
NIST is cataloging its development processes' goals and objectives, principles of operation, processes for identifying algorithms for standardization, and methods of review. Public comments will be considered, and an outside organization will assess the process. In addition, NIST will review its existing cryptographic work to ensure that its development is in line with the standards.
NIST develops standards in partnership with government and industry, and the agency does not intend to stop working with the NSA, says NIST's Matthew Scholl. "We have worked with the NSA for a long time on many different projects and will continue to do that," he says.
From Government Computer News
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found