
formercia

(18,479 posts)
Mon Sep 9, 2013, 09:31 AM

Kleptography





Another story — once again not really news — describes a practice that Congress should make flat-out and unambiguously illegal: The NSA submitted to NIST (National Institute of Standards and Technology) a random number generation algorithm with a backdoor in it.
There's actually a technical term for this sort of vulnerability: Kleptography is the use of attacks built into a cryptographic system, i.e. a crypto backdoor. That's a great term.
The algorithm (Dual_EC_DRBG or Dual Elliptic Curve Deterministic Random Bit Generator) was known as an NSA algorithm; being top experts in the field, the NSA had long been involved in cryptographic standardization. In 2007 the back-door was found and reported by Microsoft engineers. Those in the know quickly guessed that the NSA had tried to insert a back-door into the algorithm and the result was a clear loss of respect for and trust in the NSA in a field where they had made many positive contributions to the security of the US and its citizens. Great work guys.

http://www.zdnet.com/has-the-nsa-broken-our-encryption-7000020307/?s_cid=e551&ttag=e551
