The New York Times has published further details of last week's leaked documents describing the NSA's program to sabotage crypto products and standards. The new report confirms that the standard the NSA sabotaged was, as widely suspected, the NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.
NIST has re-opened the comment period on its standard in the hope of rooting out the NSA's sabotage of the random number generator and restoring trust in its work products.
The agency said that because of cryptographers’ concerns, it would reopen the public comment period for three publications — Special Publication 800-90A and drafts of Special Publications 800-90B and 800-90C — which all use the random number generator in question.
“If vulnerabilities are found in these or any other N.I.S.T. standard, we will work with the cryptographic community to address them as quickly as possible,” the agency’s statement said.
“I know from firsthand communications that a number of people at N.I.S.T. feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an interview Tuesday. “Reopening the standard is the first step in fixing that betrayal and restoring confidence in N.I.S.T.”
Government Announces Steps to Restore Confidence on Encryption Standards [Nicole Perlroth/NYT]
(via Interesting People)