The National Institute of Standards and Technology (NIST) has removed the Dual_EC_DRBG algorithm from its Random Number Generator Recommendation because of concerns about a weakness, the institute announced.
The Dual_EC_DRBG algorithm, first made public in 2004 and used since then in the controversial RSA BSAFE cryptographic library, may contain a weakness that lets attackers recover the keys it is used to generate, NIST said.
“Some commenters expressed concerns that the algorithm contains a weakness that would allow attackers to figure out the secret cryptographic keys and defeat the protections provided by those keys,” NIST said. “Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG from the Rev. 1 document.”
NIST published a list of cryptographic modules that implement more than one random number generator; in some cases another algorithm can be selected as the default even though Dual_EC_DRBG is included in the product.
“If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm,” NIST said.
NIST now advises users of Dual_EC_DRBG to migrate as soon as possible to one of the three remaining random number generator algorithms: Hash_DRBG, HMAC_DRBG or CTR_DRBG.
NIST also recommends that vendors who use Dual_EC_DRBG and want to comply with federal guidance move to an alternative algorithm.
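To show what one of the recommended replacements looks like in practice, the following is an added example (not code from NIST, RSA or the article) implementing the HMAC_DRBG construction defined in NIST SP 800-90A over SHA-256 in Python; the entropy input, nonce and personalization string are constructed sample values, and a real deployment must draw entropy from an approved entropy source.

```python
import hmac
import hashlib


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A, section 10.1.2) instantiated with SHA-256."""

    RESEED_INTERVAL = 1 << 48  # maximum generate() calls before a reseed is required

    def __init__(self, entropy_input: bytes, nonce: bytes, personalization: bytes = b""):
        outlen = hashlib.sha256().digest_size
        self._key = b"\x00" * outlen   # K
        self._v = b"\x01" * outlen     # V
        # seed_material = entropy_input || nonce || personalization_string
        self._update(entropy_input + nonce + personalization)
        self._reseed_counter = 1

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: fold provided_data into the internal state (K, V)
        self._key = self._hmac(self._key, self._v + b"\x00" + provided_data)
        self._v = self._hmac(self._key, self._v)
        if provided_data:  # second round only when data was supplied
            self._key = self._hmac(self._key, self._v + b"\x01" + provided_data)
            self._v = self._hmac(self._key, self._v)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        self._update(entropy_input + additional_input)
        self._reseed_counter = 1

    def generate(self, num_bytes: int, additional_input: bytes = b"") -> bytes:
        if self._reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < num_bytes:
            self._v = self._hmac(self._key, self._v)  # V = HMAC(K, V)
            out += self._v
        self._update(additional_input)  # back-track resistance: refresh K and V after output
        self._reseed_counter += 1
        return out[:num_bytes]


def demo_output(personalization: bytes = b"nist-migration-demo") -> bytes:
    # Constructed inputs (32 bytes "entropy", 16-byte nonce); NOT real entropy.
    drbg = HmacDrbg(b"\x11" * 32, b"\x22" * 16, personalization)
    return drbg.generate(32)
```

The same seed material always yields the same output stream, so a migration test suite can pin known-answer values for the chosen DRBG and detect a silent fallback to another generator.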
This decision was taken after documents leaked by former intelligence contractor Edward Snowden revealed a backdoor placed by the NSA in the Dual_EC_DRBG algorithm used in RSA’s BSAFE library.
That backdoor is not the only one: this month, researchers found another in RSA’s BSAFE library, dubbed “Extended Number.”