The US is to take steps to restore faith in a widely used encryption standard after documents released by whistleblower Edward Snowden indicated it contains a backdoor.
According to reports by the Guardian, the New York Times (NYT) and ProPublica, the US National Security Agency (NSA) can bypass encryption that protects much of the data on the web.
The report said the NSA inserted a backdoor into a 2006 release of the encryption standard adopted by the US National Institute of Standards and Technology (Nist).
The standard was later adopted by the International Organisation for Standardisation (ISO), which has 163 member countries.
Following the revelation, Nist has announced it will re-open the public vetting process for the encryption standard, according to the New York Times.
“We want to assure the IT cyber security community that the transparent, public process used to rigorously vet our standards is still in place,” Nist said in a statement.
The US federal agency said it would not deliberately weaken a cryptographic standard.
Adding further detail to initial reports, the NYT has revealed exactly how the NSA was able to compromise the encryption standard.
Internal memos leaked by Snowden suggest the NSA was responsible for one of the random number generators used in the 2006 Dual EC DRBG Nist standard.
As author of the random number generator, the NSA was able to predict the scrambling protocols, enabling it to access encrypted data.
The leaked memos also indicate that the NSA worked behind the scenes to push the same standard into the ISO and to become the sole editor of the standard.
The NYT said cryptographers have long had mixed feelings about Nist’s close relationship with the NSA, but many said last week’s revelations had confirmed their worst fears and eroded their confidence in Nist standards.
Nist said that because of cryptographers’ concerns, it would reopen the public comment period for three standards that use the random number generator in question.
“If vulnerabilities are found in these or any other Nist standard, we will work with the cryptographic community to address them as quickly as possible,” the agency said.