Must Reads

Canada Facilitated NSA’s Effort To Weaken Encryption Standards

The NY Times reports that Canada played a notable role in assisting the NSA to weaken encryption standards. The Times reports:

internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard – called the Dual EC DRBG standard – which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.

Internal N.S.A. memos describe how the agency subsequently worked behind the scenes to push the same standard on the International Organization for Standardization. “The road to developing this standard was smooth once the journey began,” one memo noted. “However, beginning the journey was a challenge in finesse.”

At the time, Canada’s Communications Security Establishment ran the standards process for the international organization, but classified documents describe how ultimately the N.S.A. seized control. “After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft,” the memo notes. “Eventually, N.S.A. became the sole editor.”

2 Comments

  1. Actually…
    the random number generator manipulated by the NSA is actually already considered as the slowest and usually passed over by more better RNG with higher performance.

  2. Really?
    Facilitated or was bullied? I’m sure C.S.E was more than happy to see a backdoor put in anyway.