Skip Links

Does NSA have a backdoor to cryptographic random-number generator?

By Paul McNamara on Thu, 11/15/07 - 8:56am.

Is there any better indication of how far our freedoms have eroded than the frequency and vigor with which security experts question the means and motivation behind U.S. government actions purportedly intended to keep us safe? Suspicion of the government has always been natural, of course, but today it has become - quite rightfully - a defense mechanism of the first order.

This morning's example comes from the field of cryptography: Security consultant Bruce Schneier, leaning on analyses from other experts, questions why one of four government-sanctioned random-number generators (.pdf) - the one "three orders of magnitude slower than its peers" - includes what "can only be described as a backdoor."

In addition to the vulnerability, which Schneier says would be enough to spook cryptographers, there is this to know about the suspect random-number generator: It's one of the chosen four only because the National Security Agency insisted.

The backdoor boils down to a question of who, if anyone, possesses a "secret set of numbers that can act as a kind of skeleton key," according to Schneier:

The (outside) researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.

Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants - and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does.

We don't know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there's no way for NIST - or anyone else - to prove otherwise.

Which brings us back to distrust: Who at this point is willing to grant the government the benefit of the doubt?

This particular issue isn't likely to fade away, what with the use of encryption - as well as attacks on its leading algorithms - increasing here and abroad.

You don't have to be a conspiracy theorist to be worried.

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

When the patient is a Googler and the doctor is a pompous jerk.

10 reasons you shouldn't believe in UFOs.

5 reasons "virtual marriage" won't happen.

FiOS stands for Fire is Our Speciality: latest in the continuing saga.

Cell phone jamming on the rise.

NY denies "E-Z Pass speed trap" coming.

One picture is worth 335,000 charred acres - latest from NASA.

Researchers turn to xkcd for direction.

Federal "fix" knocks ca.gov for a loop