NIST, Lap-Dogs Of The NSA?

Encryption

Did the NIST deliberately weaken encryption standards to help the NSA?  They say no!

“We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” said NIST.

NIST (National Institute of Standards and Technology), denies it has weakened it’s encryption standard in order to please the NSA.  If the suspicion is true, this would no doubt give the NSA an even larger advantage over the general public to protect their secure data and lives.  “NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.”

Remember the people Robin HoodEdward Snowden? (gawd I hope so!). According to one of the NSA memos released, the intelligence agency’s budget includes efforts to “influence policies, standards and specifications for commercial public key technologies.”  The document also referenced NIST Special Publication 800-90 which was a 2006 encryption standard adopted by NIST which used four deterministic random bit generators.

“What are these generators?” you might ask. Dual_EC_DRBG is one of them. This particular generator was the subject of much attention because it is considerably slower than the other three methods and was specifically championed by the NSA.

Only a single year after it’s release, two Microsoft researchers – Dan Shumow and Niels Ferguson – explained and demonstrated how Dual_EC_DRBG was crackable.  They described it as being unsafe.  They, however, did not mention the possibility of any inserted backdoors and smartly did not point any fingers at the NSA.

NIST has admitted working with the NSA is standard operating procedure for their organization.  In fact, they mentioned it was required by law to consult with the NSA on matters of security.

Bruce Schneier, who is an American cryptographer, computer security specialist, and writer, stated although the NIST has opened the standard to public comment again, he warned that after reviewing Snowden’s material this won’t be good enough to save credibility in the eyes of the people. ”NIST took a big credibility hit unfortunately,” he said in a podcast. “There are good people there doing good work but we don’t know which of their standards are tainted, we don’t know how much collaboration there is with the NSA.

“And unfortunately because trust is lost when they get up and say the NSA doesn’t affect our standards we don’t believe them.  We need a way to get back trust.”

As for Hackronomicon, it is our belief that everything is always in question.  You can never trust 100% you or your data is safe and secure.  There are always going to be dangerous secrets, there will always be information people want to keep to themselves and the safety, and security of that information should always be considered under the microscope.  This should remain a constant for the same reason you should always treat a firearm as if it is loaded, even when you know it is completely empty.

Stay frosty!

 

Leave a reply