Silent Circle: NIST encryption standards untrustworthy
The secure-communications company says it's moving away from the US government agency's standards after reports of NSA tampering.
The National Security Agency's apparent attempts to weaken encryption technology have led a private-communication startup to move away from encryption algorithms from the US government's National Institute of Standards and Technology.
Silent Circle co-founder Jon Callas called NIST encryption experts "victims of the NSA's perfidy" in a blog post Monday and said the company will move away from using encryption standards that NIST helped create. The standards will still be available, but not by default, he said.
"At Silent Circle, we've been deciding what to do about the whole grand issue of whether the NSA has been subverting security," Callas said. He and co-founders Phil Zimmermann and Mike Janke have decided that "in the relatively near future, we will implement a non-NIST cipher suite."
The move spotlights the damage to NIST's reputation and influence as a creator of trustworthy security standards. And it could steer others away from its encryption-related standards, too.
Silent Circle sells secure voice and text-messaging services, and Zimmermann, creator of the PGP encryption software in the 1990s, told CNET that the NSA surveillance issue has brought in lots of new business for the company.
Reports earlier this month said the NSA has sought to defeat encryption used on the Internet. One particular method was planting a vulnerability into a standard from NIST, according to a memo released by Edward Snowden. "Eventually, N.S.A. became the sole editor" of the standard, the memo said.
The standard in question, which NSA proposed and NIST promulgated, is used to generate random numbers, a key part of making encryption unpredictable. Random numbers that aren't as random as they seem are one way encryption algorithms can be weakened. A 2007 presentation by two Microsoft researchers called into question the standard's algorithm -- Dual Elliptic Curve Deterministic Random Bit Generation, aka Dual_EC_DRBG -- and raised the possibility that it offered a back door into encrypted communications to someone who knew specific secret numbers.
"If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG," said security researcher Bruce Schneier in a blog post about Dual_EC_DRBG at the time.
The secret numbers relate to three other numbers shown in the standard's specification. To deal with the issue, NIST updated the algorithm -- specified in the SP 800-90/90A standard -- with details on generating new numbers instead of the "default" values NIST provided.
After the Snowden documents emerged, NIST recommended against use of the technology and concluded that it's time to re-evaluate Dual_EC_DRBG. In a notice (PDF) earlier in September announcing that it's reopening a comment period, it said:
Concern has been expressed about one of the DRBG algorithms in SP 800-90/90A and ANS X9.82: the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm. This algorithm includes default elliptic curve points for three elliptic curves, the provenance of which were not described. Security researchers have highlighted the importance of generating these elliptic curve points in a trustworthy way. This issue was identified during the development process, and the concern was initially addressed by including specifications for generating different points than the default values that were provided. However, recent community commentary has called into question the trustworthiness of these default elliptic curve points.
NIST works to publish the strongest cryptographic standards possible, and uses a transparent, public process to rigorously vet its standards and guidelines. If vulnerabilities are found, NIST works with the cryptographic community to address them as quickly as possible.
Via GigaOm