Secret NSA Backdoor in New Encryption Standards?

It sounds like something out of a scary big brother scenario, but the NSA may have put its own secret backdoor into new encryption standards.

Most standard encryption is based on random numbers created by random number generators. If someone were able to break the random number generator, they would be able to break the encryption. So it is concerning that the newest encryption standards contain slower, poorly designed algorithms that may have left a backdoor for the NSA.

Different systems use different encryption techniques, and many papers have found flaws in these techniques that can be exploited to break the encryption. This year the United States government released its new official standard for random-number generators, which will most likely be followed by developers around the world. Known as NIST Special Publication 800-90, the new standard contains four different approved techniques called Deterministic Random Bit Generators (DRBGs). All are based on existing, trusted designs, but one of the four methods is not like the others: it is based on elliptic curves, works much slower than the others, and has been promoted by the NSA.

It’s not surprising that the NSA is involved in U.S. cryptography standards, but its role in development may concern some security advocates. People have identified problems with the elliptic curve method of generating random numbers, which puts a bias on certain “random” numbers. The method also uses many “constant” numbers, listed in an appendix, without any real explanation of where they came from. This set of numbers may have a relationship with a second set of numbers, creating a sort of “skeleton key” that could be used to decrypt data.

Of course, no one knows if the NSA or someone else created this back door. All that appears certain is that someone used a less efficient method of random-number generation in order to gain an edge in knowing these numbers. For anyone looking for methods to generate random numbers, it is advisable to use one of the other three methods and not the elliptic curves, unless of course you want someone to have a secret back door key to your encrypted data.