The NIST recently published a revision of its recommendations for cryptographic random number generation. What...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
does the revision mean for developers and enterprises? Why was the revision necessary, and how will it provide better security?
One of the statutory responsibilities of the National Institute of Standards and Technology (NIST) is to develop information security standards and guidelines. NIST Special Publication 800-90A, entitled Recommendation for Random Number Generation Using Deterministic Random Bit Generators, provides guidance on mechanisms for the generation of random numbers, a critical element used in creating secure cryptographic keys for encrypting data. The first version of this special publication was published in 2007, but concerns over the security of one of the cryptographic algorithms it described led NIST to formally revise its recommended methods for generating random numbers. Following the publication of a draft document and a period of public comment and review, NIST has reissued the guidelines as Special Publication 800-90A, Revision 1.
The revised document retains three of the four previously available cryptographic algorithms for generating pseudorandom bits: Hash_DRBG, HMAC_DRBG and CTR_DRBG, but the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) has been removed based on NIST's own evaluation, and in response to the lack of public confidence in it. This lack of confidence comes from reports alleging the NSA interfered with the design of the algorithm, and that it contains a weakness that would allow attackers to predict the outcome of the random number generation process, and determine the secret cryptographic keys.
NIST recommends that software vendors wanting to remain in compliance with federal guidance should reconfigure their products to use one of the three remaining approved cryptographic algorithms. System administrators should run a check to ensure no processes are still using cryptographic modules that rely on the Dual_EC_DRBG algorithm. These recommendations were included in an earlier version of the recommendation document, which was released in early 2012. Other changes in the revised document include additional options for the use of the CTR_DRBG random number algorithms and a recommendation to introduce randomness into deterministic algorithms as often as it is practical, because refreshing them provides additional protection against attacks.
Removing the potentially flawed Dual_EC_DRBG algorithm from the list of recommended random number generators will improve the security of cryptographic keys as long as vendors ensure it is no longer an option and users configure legacy software not to use it. However, the importance of randomness covered in Special Publication 800-90A has been highlighted by researchers Bruce Potter and Sasha Wood, who recently discovered that the entropy of the data streams that are used to seed the random number generators on systems using the cryptography library OpenSSL were often very low. This results in the generation of more easily guessable keys for encryption. Google's OpenSSL-based BoringSSL does regularly gather more entropy, but administrators who are concerned about weaknesses in their cryptographic keys should check out the open source program libentropy, released by Potter and Wood. It provides a dashboard for managing sources of entropy and reporting the status of entropy creation and utilization.
Paul Kocher discusses the effects of the ongoing NSA encryption-cracking scandal
Learn more about data encryption, notification and the NIST Cybersecurity Framework
Dig Deeper on Disk and file encryption tools
Related Q&A from Michael Cobb
Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how ...continue reading
Companies and government agencies handling criminal justice information need to comply with CJIS Security Policy. Expert Michael Cobb explains the ...continue reading
An Intel chip flaw lets attackers bypass ASLR protection on most operating systems. Expert Michael Cobb explains the vulnerability and how to prevent...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.