http://mises.org/Community/blogs/crypto/archive/tags/security/default.aspxTags: securityenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://mises.org/Community/blogs/crypto/archive/2007/11/15/did-the-nsa-put-a-backdoor-in-a-new-encryption-standard.aspxFri, 16 Nov 2007 00:04:00 GMT944abf2b-d1be-4bf2-990d-438cb0e377e9:3561Autonomist018http://mises.org/Community/blogs/crypto/rsscomments.aspx?PostID=3561http://mises.org/Community/blogs/crypto/commentapi.aspx?PostID=3561http://mises.org/Community/blogs/crypto/archive/2007/11/15/did-the-nsa-put-a-backdoor-in-a-new-encryption-standard.aspx#commentsBecause the government is a major consumer of crypto products, government entities create or approve most of the encryption standards used in the industry.&nbsp; One of the key ingredients of crypto technology are random number generators.&nbsp; Getting random numbers from a computer is a very tricky problem, so the U.S. government actually publishes random number algorithms created by computer scientists and government agencies.&nbsp; This year, the government produced a new standard, which may soon be integrated into crypto software worldwide.&nbsp; Three of the four algorithms in the standard are based on industry standards, but one comes from the National Security Agency.&nbsp; The NSA&#39;s algorithm is more complex and slower than the others, so many people wondered why the NSA pushed to have it included.&nbsp; <p>In a recent CRYPTO 2007 conference, some <a href="http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115">computer scientists discovered that the algorithm has a possible backdoor key</a>, which allows the numbers it generates to be predicted.&nbsp; While we don&#39;t know whether the NSA has the key, we can be sure that either it has the key or it released a dangerously broken standard.&nbsp; (Now that the vulnerability is known, vendors are unlikely to use it, so the NSA wouldn&#39;t have knowingly released a faulty standard unless it had the key.)</p> <p>A paranoid person might wonder if having <a href="http://en.wikipedia.org/wiki/Clipper_chip">failed </a>to force broken crypto on us at the hardware level, the government has some kind of nefarious plan to sneak one in.&nbsp; Simply requiring that the standard be used by government contractors might be sufficient to get it adopted by the industry due to its market share.&nbsp; People take much more care in selecting and testing encryption algorithms than random number generators.</p>Reassuring answers on this issue are not likely to be forthcoming, so here are some rules of thumb: <ul><li>Real security requires evaluating the whole process, not just a good encryption algorithm.</li><li>Don&#39;t trust a security solution just because it is widely used or government approved.</li><li>Don&#39;t trust a security solution that is isn&#39;t open to peer review.</li></ul> <p>&nbsp;</p><div style="clear:both;"></div><img src="http://mises.org/Community/aggbug.aspx?PostID=3561" width="1" height="1">cryptographysecurity