Did NSA Put a Secret Backdoor in New Encryption Standard? (2007)

Yes, from the New York Times:<p>Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”<p>“Eventually, N.S.A. became the sole editor,” the memo says.

The NYT piece today had different redactions than the Guardian, showing the NSA may have done this with commercial VPN ASICs.<p>The Times includes &quot;Complete enabling for [XXXXXXX] encryption chips used in Virtual Private Network and Web encryption devices.&quot; <a href="http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us#briefing" rel="nofollow">http:&#x2F;&#x2F;www.nytimes.com&#x2F;interactive&#x2F;2013&#x2F;09&#x2F;05&#x2F;us&#x2F;documents-r...</a><p>(compare to <a href="http://www.theguardian.com/world/interactive/2013/sep/05/sigint-nsa-collaborates-technology-companies" rel="nofollow">http:&#x2F;&#x2F;www.theguardian.com&#x2F;world&#x2F;interactive&#x2F;2013&#x2F;sep&#x2F;05&#x2F;sig...</a> )

On Schneier&#x27;s blog here: <a href="https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html" rel="nofollow">https:&#x2F;&#x2F;www.schneier.com&#x2F;blog&#x2F;archives&#x2F;2007&#x2F;11&#x2F;the_strange_s...</a>

You don&#x27;t even need to ask if the NSA broke the encryption to answer the question &quot;Is this standard effectively compromised and not suitable for use?&quot;<p>Based on what we already know, keeping in mind the goal of encryption in the first place, the answer is &quot;yes.&quot;<p>But it is <i>also</i> a decent assumption to think that it is precisely the NSA that has broken the standard in light of the recent reporting by the NYT.

This is clearly exaggerated. There&#x27;s no way the NSA would ever do such a thing. Surely it would weaken US communications as well, and one of their mandates is to protect US communications - not to spy on americans, which it&#x27;s forbidden to do.<p>NIST and the NSA are obviously above reproach in this case.<p>[&#x2F;sarcasm]

So, it&#x27;s six years later. Is Dual_EC_DRBG in use in any commercial products?

Is this encryption standard used in any real life applications? It sounds like people had a ton of problems with it even just right as it was released. They may have forced the standard, but it didn&#x27;t look like it was adopted.

It is might be time for an audit of code submits to the encryption libararies in open source projects.

<a href="http://www.youtube.com/watch?v=W8ZETOz5Fbs" rel="nofollow">http:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=W8ZETOz5Fbs</a>

That&#x27;s why my projects use RIPEMD rather than SHA. I prefer my encryption algorithms to <i>not</i> be developed by an organization that has a vested interested in them being broken.

Would love to see an update to this with some context. So this became a government standard...but was it widely adopted in the industry (outside of government)? It had already been under suspicion of this fatal flaw before its release and Schneier says it was &quot;also three orders of magnitude slower than its peers&quot;...even if the security flaw didn&#x27;t deter users, I would think a performance drop of <i>three magnitudes</i> would make it unpopular for use in anywhere but the government [insert joke about government inefficiency here].

Digital fortress anyone?

No. (per Betteridge&#x27;s law of headlines)