
How has the NIST random number generation guidance changed?

The NIST has changed its recommendations on random number generation for cryptographic keys. Expert Michael Cobb outlines the changes and explains why they were made.

The NIST recently published a revision of its recommendations for cryptographic random number generation. What does the revision mean for developers and enterprises? Why was the revision necessary, and how will it provide better security?

One of the statutory responsibilities of the National Institute of Standards and Technology (NIST) is to develop information security standards and guidelines. NIST Special Publication 800-90A, entitled Recommendation for Random Number Generation Using Deterministic Random Bit Generators, provides guidance on mechanisms for the generation of random numbers, a critical element used in creating secure cryptographic keys for encrypting data. The first version of this special publication was published in 2007, but concerns over the security of one of the cryptographic algorithms it described led NIST to formally revise its recommended methods for generating random numbers. Following the publication of a draft document and a period of public comment and review, NIST has reissued the guidelines as Special Publication 800-90A, Revision 1.

The revised document retains three of the four previously available cryptographic algorithms for generating pseudorandom bits (Hash_DRBG, HMAC_DRBG and CTR_DRBG), but removes the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), based on NIST's own evaluation and in response to the lack of public confidence in it. That lack of confidence stems from reports alleging that the NSA interfered with the design of the algorithm and that it contains a weakness that would allow attackers to predict the output of the random number generation process and so determine the secret cryptographic keys.

NIST recommends that software vendors wanting to remain in compliance with federal guidance reconfigure their products to use one of the three remaining approved cryptographic algorithms. System administrators should run a check to ensure no processes are still using cryptographic modules that rely on the Dual_EC_DRBG algorithm. These recommendations were included in an earlier version of the recommendation document, which was released in early 2012. Other changes in the revised document include additional options for the use of the CTR_DRBG algorithm and a recommendation to reseed the deterministic algorithms with fresh randomness as often as is practical, because refreshing their state provides additional protection against attacks.
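As an added illustration (not NIST's reference code or any vendor's implementation), the following compact Python HMAC_DRBG, one of the three retained mechanisms, follows the Instantiate, Update, Reseed and Generate steps of SP 800-90A and refuses to produce output once the caller's reseed interval is exceeded. It assumes entropy_input and nonce come from an approved entropy source such as os.urandom; the fixed seed bytes used for testing are constructed values.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC_DRBG following NIST SP 800-90A section 10.1.2 (added example)."""

    def __init__(self, entropy_input: bytes, nonce: bytes = b"", personalization: bytes = b"",
                 hash_name: str = "sha256", reseed_interval: int = 1 << 48):
        self.hash_name = hash_name
        self.outlen = hashlib.new(hash_name).digest_size
        self.reseed_interval = reseed_interval
        # Instantiate: K = 0x00..00, V = 0x01..01, then absorb the seed material.
        self.key = b"\x00" * self.outlen
        self.v = b"\x01" * self.outlen
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, self.hash_name).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: fold provided_data into the working state (K, V).
        self.key = self._hmac(self.v + b"\x00" + provided_data)
        self.v = self._hmac(self.v)
        if provided_data:
            self.key = self._hmac(self.v + b"\x01" + provided_data)
            self.v = self._hmac(self.v)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Fresh entropy resets the counter; the revised guidance says to do this often.
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, num_bytes: int, additional_input: bytes = b"") -> bytes:
        # Past reseed_interval the generator must not run until reseeded.
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < num_bytes:
            self.v = self._hmac(self.v)
            out += self.v
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:num_bytes]
```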

Removing the potentially flawed Dual_EC_DRBG algorithm from the list of recommended random number generators will improve the security of cryptographic keys, as long as vendors ensure it is no longer an option and users configure legacy software not to use it. However, the importance of the randomness covered in Special Publication 800-90A has been highlighted by researchers Bruce Potter and Sasha Wood, who recently discovered that the entropy of the data streams used to seed the random number generators on systems using the cryptography library OpenSSL was often very low. This results in the generation of more easily guessable encryption keys. Google's OpenSSL-based BoringSSL does regularly gather more entropy, but administrators who are concerned about weaknesses in their cryptographic keys should look at the open source program libentropy, released by Potter and Wood. It provides a dashboard for managing sources of entropy and reporting the status of entropy creation and utilization.


This was last published in November 2015
