On the Subversion of NIST by the NSA
Abstract: In recent decades, the U.S. National Institute of Standards and Technology, which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic standards.
Edward Snowden disclosed that the National Security Agency had subverted the integrity of a NIST cryptographic standard, the Dual EC DRBG, enabling easy decryption of supposedly secured communications.
NIST remains the only viable candidate for effectively developing internationally trusted cryptography standards.
Cryptographic algorithms are essential to security yet are hard to understand and evaluate.
In particular, these nations do not necessarily trust the developer of the cryptographic standard.
Seeking to understand how NIST, a U.S. government agency, was able to remain a purveyor of cryptographic algorithms despite the Dual EC DRBG problem, we examine the Dual EC DRBG situation, NIST's response, and why a non-regulatory, non-national security U.S. agency remains a successful international supplier of strong cryptographic solutions.
News URL
https://www.schneier.com/blog/archives/2022/06/on-the-subversion-of-nist-by-the-nsa.html