Details Reveal Crypto Standard Controlled By NSA; And How Canada Helped

from the international-cooperation dept

Wed, Sep 11th 2013 3:48pm — Mike Masnick

After the revelations of how the NSA basically authored a crypto standard surreptitiously with obligatory backdoors, plenty of people started exploring exactly which standard it was -- and called on the various reporters with access to Snowden's documents to come clean, mainly to protect people who were now using insecure crypto. Buried in a blog post that focuses more on the NIST's non-response to the news, the NY Times finally revealed both what standard it was, the Dual EC DRBG standard, and how Canadian intelligence basically was the cover, helping to hide the NSA's efforts:

But internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a back door for the N.S.A. In publishing the standard, N.I.S.T. acknowledged “contributions” from N.S.A., but not primary authorship.

Internal N.S.A. memos describe how the agency subsequently worked behind the scenes to push the same standard on the International Organization for Standardization. “The road to developing this standard was smooth once the journey began,” one memo noted. “However, beginning the journey was a challenge in finesse.”

At the time, Canada’s Communications Security Establishment ran the standards process for the international organization, but classified documents describe how ultimately the N.S.A. seized control. “After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft,” the memo notes. “Eventually, N.S.A. became the sole editor.”

That same article notes that people inside NIST "feel betrayed by their colleagues at the NSA," but I wonder if NIST will ever be able to regain any real sense of trust with the crypto community.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, canada, cyrpto, dual ec drbg, encryption, nist, nsa, nsa surveillance

25 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 11 Sep 2013 @ 3:59pm

I hope not. Better start fresh with a new international body with ZERO influence from governments.
[ link to this | view in chronology ]
- Anonymous Coward, 11 Sep 2013 @ 4:19pm
  
  Re:
  nah, open source is the only bet. no closed room shit, all out in the open and count on China/Russia/USA to point out all the weaknesses they dont want the enemy to exploit.
  [ link to this | view in chronology ]
- Anonymous Coward, 12 Sep 2013 @ 8:23am
  
  Re:
  zero influence from governments? good luck with that.
  [ link to this | view in chronology ]
Anonymous Coward, 11 Sep 2013 @ 4:17pm

This raises a seriously disturbing question
We're now looking at an existence proof that the NSA has deliberately interfered with a cryptographic standards/development process in order to weaken/backdoor it.

NSA personnel (and ex-NSA personnel) have been involved in US-based crypto in government, industry and academic for decades. They've been part of the work done on the math, the standards, the software, the hardware, the procedures, everything.

Should we conclude that they've only done this once?
[ link to this | view in chronology ]
- PRMan, 11 Sep 2013 @ 5:02pm
  
  Re: This raises a seriously disturbing question
  I wondered that very thing the first time I heard that AES was approved by the NSA.
  [ link to this | view in chronology ]
Brent Ashley (profile), 11 Sep 2013 @ 4:23pm

My detailed Canadian perspective on this
Sorry.
[ link to this | view in chronology ]
- PRMan, 11 Sep 2013 @ 5:02pm
  
  Re: My detailed Canadian perspective on this
  You mean, "Sow-ry".
  [ link to this | view in chronology ]
  - Anonymous Coward, 11 Sep 2013 @ 8:23pm
    
    Re: Re: My detailed Canadian perspective on this
    We have ways of making you pronounce the letter "o."
    [ link to this | view in chronology ]
Anonymous Coward, 11 Sep 2013 @ 4:35pm

It's all right there in the name, hidden in plain sight.
EC DRBG = Evil Canadian DiRtBaGs.

(Of course, the C could also stand for Corrupt.)
[ link to this | view in chronology ]
- Anonymous, 11 Sep 2013 @ 4:36pm
  
  Re:
  That was me, Anonymous, who posted that BTW.
  [ link to this | view in chronology ]
Me, 11 Sep 2013 @ 4:46pm

Even open source isn't completely safe if the NSA is running the show (in the sense it might take much longer than it otherwise would for the duplicity to be uncovered). The answer is at a minimum to blackball NSA personnel and alumni.
[ link to this | view in chronology ]
- OldMugwump (profile), 11 Sep 2013 @ 5:30pm
  
  Re: Blackball NSA personnel and alumni
  No, don't blackball them. They'll just go undercover.
  
  The real lesson is to trust no one.
  
  You must assume everyone is cheating and trying to slip a fast one by. Because some of them are, and you'll never know which ones.
  [ link to this | view in chronology ]
  - Anonymous, 11 Sep 2013 @ 5:57pm
    
    Re: Re: Blackball NSA personnel and alumni
    Why should we trust you? Oh wait, you already said we shouldn't. But if we are to trust you, then we can't trust you, so how...oh great, I can see I won't be getting any sleep tonight...
    [ link to this | view in chronology ]
- Lawrence D'Oliveiro, 11 Sep 2013 @ 11:56pm
  
  Re: Even open source isn't completely safe if the NSA is running the show
  We have an old saying in Open Source: �many eyes make all bugs shallow�. This whole Dual EC DRBG debacle never got trusted to the point where it could do much damage, simply because there are too many smart people outside the NSA nowadays, who will find holes no matter how cunningly hidden.
  
  For example, look at the SELinux mandatory access control system built into the Linux kernel. It was primarily written by the NSA. Do we trust it? Yes, because the simple mention of those three letters �NSA� was already enough to attract a whole lot of extra scrutiny and suspicion.
  [ link to this | view in chronology ]
  - Anonymous Coward, 12 Sep 2013 @ 3:00am
    
    Re: Re: Even open source isn't completely safe if the NSA is running the show
    really? who did the 'whole lot of extra scrutiny and suspicion' - not the NSA plant i hope?
    [ link to this | view in chronology ]
Anonymous Coward, 11 Sep 2013 @ 5:23pm

Canada
Been saying for years: Canada is evil.

But nobody will listen. Even their healthcare is sinister.
[ link to this | view in chronology ]
- Anonymous Coward, 12 Sep 2013 @ 1:45am
  
  Re: Canada
  Blame Canada, blame Canada. They are not a real country anyway.
  [ link to this | view in chronology ]
Anonymous Coward, 11 Sep 2013 @ 6:29pm

As more is revealed, there are probably other standards that they've had their fingers in. There will be fallout for all the revelations that have come from the Snowden releases.

US corporations are going to pay a heavy price for this co-operation voluntary or involuntary before it is all over with. Every release reveals more things that need to be looked into.

The NSA has no real place to hide anymore in the sense of just how deep they've been into gaining access to near everything.
[ link to this | view in chronology ]
Lawrence D'Oliveiro, 11 Sep 2013 @ 11:53pm

No Big Surprise
If this was NSA�s best attempt to subvert public security standards, it�s been a complete failure. It was obvious to experts in the field that there was something fishy about Dual EC DRBG from the beginning. With new developments in encryption, it�s very much a case of �worthless until proven worthy�: nobody takes a new idea seriously until it has survived multiple serious hammerings. And this one never quite made it beyond the worthless stage.
[ link to this | view in chronology ]
Ninja (profile), 12 Sep 2013 @ 4:58am

In the end maybe it's a good thing that all this shit has happened and hit the fan. Think about it for a while. You have a Govt espionage agency involved in crafting encryption standards. It's bound to be abused at some point even though that agency actually helps at first. That's why everything must be designed thinking of abuse because times change, people in charge change and at some point there will be abuse. I suspect this will spill over a myriad of stuff that really needs to be decentralized and taken away from the US (and any central country for the matter) such as ICANN and the likes.

It's time we start adopting standards that are crafted, discussed in the open and enabled by everyone and nobody at the same time. Because that's what the Internet is, open and for all.
[ link to this | view in chronology ]
Crusty the Ex-Clown, 12 Sep 2013 @ 5:47am

EC DRBG
I'm sure it's been said before, but isn't the kludginess of EC DRBG in and of itself a red flag? It's as if they wanted it to be suspect and thus avoided in favor of another encryption which didn't appear to be compromised but, in fact, was. "Pay no attention to the man behind the curtain," and all that. I simply assume we're being herded towards their "preferred" solution.

What are the odds that NSA had a role in the design of Bitcoin?
[ link to this | view in chronology ]
Laroquod (profile), 12 Sep 2013 @ 7:06am

So let me get this straight. Canada, which recently passed a new copyright law OUTLAWING the public from cracking DRM encryption for ANY purpose on penalty of IMPRISONMENT -- at the direct behest (according to leaked docs) OF the U.S. governemt -- has been secretly cracking the public's encryption FOR the U.S. government.

Maybe Canadians should just put DRM on all their online communications -- maybe then finally some spooks would go to jail. (Sorry, I was briefly indulging in the old school fantasy that the laws in a democracy apply to everyone. Forgive me naivete but I am, after all, over 40...)
[ link to this | view in chronology ]
Hephaestus (profile), 12 Sep 2013 @ 7:33pm

Weird thought.
I think making it illegal to break encryption was a way for the NSA to prevent people from finding the flaws that they themselves created.

Perhaps we should remove that law from the books.
[ link to this | view in chronology ]
Anonymous Coward, 12 Sep 2013 @ 10:26pm

I read the NIST statement. It didn't reassure me in the least. I'm sure it didn't reassure 99% of the other countries in the world either.

The NSA "finessed" their way to the destruction of not only their own credibility, but also the credibility of NIST.

Guess that's what happens when you're ball and chained to an organization such as the NSA.
[ link to this | view in chronology ]
Rafael Nunes, 24 Dec 2013 @ 4:54am

It's like Dan Brown's Digital Fortress.
[ link to this | view in chronology ]