How has the NIST random number generation guidance changed?

The NIST has changed its recommendations on random number generation for cryptographic keys. Expert Michael Cobb outlines the changes and explains why they were made.

The NIST recently published a revision of its recommendations for cryptographic random number generation. What does the revision mean for developers and enterprises? Why was the revision necessary, and how will it provide better security?

One of the statutory responsibilities of the National Institute of Standards and Technology (NIST) is to develop information security standards and guidelines. NIST Special Publication 800-90A, entitled Recommendation for Random Number Generation Using Deterministic Random Bit Generators, provides guidance on mechanisms for the generation of random numbers, a critical element used in creating secure cryptographic keys for encrypting data. The first version of this special publication was published in 2007, but concerns over the security of one of the cryptographic algorithms it described led NIST to formally revise its recommended methods for generating random numbers. Following the publication of a draft document and a period of public comment and review, NIST has reissued the guidelines as Special Publication 800-90A, Revision 1.

The revised document retains three of the four previously available cryptographic algorithms for generating pseudorandom bits (Hash_DRBG, HMAC_DRBG and CTR_DRBG), but the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) has been removed, based on NIST's own evaluation and in response to the lack of public confidence in it. That lack of confidence stems from reports alleging that the NSA interfered with the design of the algorithm, and that it contains a weakness which would allow attackers to predict the output of the random number generation process and so determine the secret cryptographic keys derived from it.

NIST recommends that software vendors wanting to remain in compliance with federal guidance reconfigure their products to use one of the three remaining approved cryptographic algorithms. System administrators should run a check to ensure no processes are still using cryptographic modules that rely on the Dual_EC_DRBG algorithm. These recommendations were already included in an earlier version of the recommendation document, released in early 2012. Other changes in the revised document include additional options for the use of the CTR_DRBG algorithm and a recommendation to reseed deterministic generators with fresh randomness as often as is practical, because refreshing their internal state provides additional protection against attacks.

Removing the potentially flawed Dual_EC_DRBG algorithm from the list of recommended random number generators will improve the security of cryptographic keys, as long as vendors ensure it is no longer an option and users configure legacy software not to use it. However, the importance of the randomness covered in Special Publication 800-90A has been highlighted by researchers Bruce Potter and Sasha Wood, who recently discovered that the entropy of the data streams used to seed the random number generators on systems using the cryptography library OpenSSL was often very low. This results in the generation of more easily guessable encryption keys. Google's OpenSSL-based BoringSSL does regularly gather more entropy, but administrators who are concerned about weaknesses in their cryptographic keys should check out the open source program libentropy, released by Potter and Wood. It provides a dashboard for managing sources of entropy and reporting the status of entropy creation and utilization.


This was last published in November 2015


Does the NIST's update on random number generation address your concerns about the NSA's alleged interference with cryptographic algorithms?
I can see why people would be confused:

" it contains a weakness that would allow attackers to predict the outcome of the random number generation process"

It sounded to me like it was designed to work that way.... so now I'm wondering... what's up. Part of me wonders if the people at NIST are scientifically and technologically literate... or just bureaucrats, after reading this.