by qzx_pierri 472 days ago
I recommend this video by Computerphile. He talks about how NIST may have been pressured into enforcing compromised (backdoored?) cryptography methods as a standard, Dual_EC_DRBG to be exact. He also gives a super cool/intuitive breakdown on how this came to be. It will definitely grow some food for thought.

https://www.youtube.com/watch?v=nybVFJVXbww

2 comments

Small summary, courtesy of Wikipedia which makes a stronger claim than "may have been pressured":

> In September 2013, both The Guardian and The New York Times reported that NIST allowed the National Security Agency (NSA) to insert a cryptographically secure pseudorandom number generator called Dual EC DRBG into NIST standard SP 800-90 that had a kleptographic backdoor that the NSA can use to covertly predict the future outputs of this pseudorandom number generator. [...] the NSA worked covertly to get its own version of SP 800-90 approved for worldwide use in 2006. The whistle-blowing document states that "eventually, NSA became the sole editor".

https://en.wikipedia.org/wiki/National_Institute_of_Standard...
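To make the "covertly predict the future outputs" claim concrete, here is an added toy model of the Dual EC DRBG backdoor in Python. It is not code from the thread, from NIST or from Wikipedia. It assumes the secp256k1 field and curve equation (the real standard uses NIST P-256 with fixed points), a base point Q found by search, a constructed secret scalar E with P = E*Q, a constructed seed, and only 4 truncated bits per output instead of the real 16 so the brute force stays tiny. Whoever knows E turns a single output into the next internal state; everyone else sees two unexplained points and cannot tell.

```python
"""Toy Dual EC DRBG with a planted P = E*Q relation (added example, not NIST's code)."""

P_MOD = (1 << 256) - (1 << 32) - 977   # secp256k1 prime; P_MOD % 4 == 3 so sqrt is one pow()
A, B = 0, 7                             # curve y^2 = x^3 + 7 (toy choice, not the standard's P-256)
TRUNC_BITS = 4                          # toy: drop 4 top bits; the real DRBG drops 16 of 256


def _inv(x):
    return pow(x, P_MOD - 2, P_MOD)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:      # p1 == -p2
            return None
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * _inv((x2 - x1) % P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def x_of(pt):
    if pt is None:
        raise ValueError("state hit the point at infinity (negligible at real sizes)")
    return pt[0]


def point_from_x(x):
    """Lift an x coordinate to a curve point, or None if x is not on the curve."""
    rhs = (pow(x, 3, P_MOD) + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None


def find_point():
    x = 1
    while point_from_x(x) is None:
        x += 1
    return point_from_x(x)


Q = find_point()
E = 0x5EC12E7          # constructed "designer's secret"; never published in a real deployment
P = ec_mul(E, Q)       # published next to Q; nobody else can check whether such an E exists


def truncate(r):
    return r & ((1 << (256 - TRUNC_BITS)) - 1)


def drbg_step(state):
    """One Dual EC step: s' = x(s*P); output = truncate(x(s'*Q))."""
    new_state = x_of(ec_mul(state, P))
    return new_state, truncate(x_of(ec_mul(new_state, Q)))


def drbg_outputs(seed, count):
    state, outs = seed, []
    for _ in range(count):
        state, out = drbg_step(state)
        outs.append(out)
    return outs


def recover_state(out_i, out_next):
    """The backdoor. out_i = truncate(x(s*Q)) for some state s. Lift it to R = +/-(s*Q);
    then E*R = +/-(s*P), whose x coordinate is exactly the generator's next state.
    The dropped bits are brute-forced and out_next weeds out wrong candidates."""
    hits = []
    for hi in range(1 << TRUNC_BITS):
        r = out_i | (hi << (256 - TRUNC_BITS))
        if r >= P_MOD:
            continue
        R = point_from_x(r)
        if R is None:
            continue
        s_next = x_of(ec_mul(E, R))
        if truncate(x_of(ec_mul(s_next, Q))) == out_next:
            hits.append(s_next)
    return hits


def demo(seed=0xC0FFEE):
    """True if one output (plus the next for filtering) lets the E-holder predict the rest."""
    outs = drbg_outputs(seed, 6)                 # what a victim would emit
    recovered = recover_state(outs[0], outs[1])  # states that produced outs[1]
    return any(drbg_outputs(s, 4) == outs[2:] for s in recovered)


if __name__ == "__main__":
    print("future outputs predicted from one output:", demo())
```

The defensive lesson is the one the thread circles around: a generator whose security rests on two fixed points is only as trustworthy as the provenance of those points, so constants in a standard need a published, reproducible derivation rather than a request to take them on faith.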

Dual EC was not the product of a contest. The NIST PQC algorithms are all designed by academic cryptographers, many of them not US nationals.
And chosen by NIST…
And? Finish that thought.
You are tptacek; I believe you know exactly what I meant. But to indulge you, do you think we can know that the selection process is not compromised?
Explain what the compromised selection process does here. NIST doesn't control the submissions.
Seems pretty obvious, no?

1. Pretend to be someone else and enter a backdoored algorithm. Or pressure someone to enter a backdoored algorithm for you. Or just give them the algorithm for the reward of being the winner.

2. Be NIST, and choose that algorithm.

Your question presupposes a claim that the selection process is compromised. I'm not saying it is. I just wonder how we know it's not.

In NIST's position one could analyze the submissions for vulnerabilities to closely held (non-public) attacks, then select submissions having those vulnerabilities.