The New York Times has published further details of last week's leaked documents detailing the NSA's program of sabotage of crypto products and standards. The new report confirms that the standard the NSA sabotaged was the widely suspected NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.
NIST has re-opened the comments on its standard in the hope of rooting out the NSA's sabotage of the random number generator and restoring trust in its work products.
The agency said that because of cryptographers’ concerns, it would reopen the public comment period for three publications — Special Publication 800-90A and drafts of Special Publications 800-90B and 800-90C — which all use the random number generator in question.
“If vulnerabilities are found in these or any other N.I.S.T. standard, we will work with the cryptographic community to address them as quickly as possible,” the agency’s statement said.
“I know from firsthand communications that a number of people at N.I.S.T. feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an interview Tuesday. “Reopening the standard is the first step in fixing that betrayal and restoring confidence in N.I.S.T.”
Government Announces Steps to Restore Confidence on Encryption Standards [Nicole Perlroth/NYT]
(via Interesting People)