Chicago - A message from the station manager

Government Standards Agency To Review Encryption Guidelines After Cryptographers Cry Foul Over NSA Meddling

By Jeff Larson/ProPublica

The federal institute that sets national standards for how government, private citizens and business guard the privacy of their files and communications is reviewing all of its previous recommendations.
The move comes after ProPublica, The Guardian and The New York Times disclosed that the National Security Agency had worked to secretly weaken standards to make it easier for the government to eavesdrop.


The review, announced earlier this month by the National Institute for Standards and Technology, will also include an assessment of how the institute creates encryption standards.
The institute sets national standards for everything from laboratory safety to high-precision timekeeping. NIST’s cryptographic standards are used by software developers around the world to protect confidential data. They are crucial ingredients for privacy on the Internet, and are designed to keep Internet users safe from being eavesdropped on when they make purchases online, pay bills or visit secure websites.
But as the investigation by ProPublica, The Guardian and The New York Times in September revealed, the National Security Agency spends $250 million a year on a project called “SIGINT Enabling” to secretly undermine encryption.
One of the key goals, documents said, was to use the agency’s influence to weaken the encryption standards that NIST and other standards bodies publish.
“Trust is crucial to the adoption of strong cryptographic algorithms,” the institute said in a statement on their website. “We will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines.”
The NSA is no stranger to NIST’s standards-development process. Under current law, the institute is required to consult with the NSA when drafting standards. NIST also relies on the NSA for help with public standards because the institute doesn’t have as many cryptographers as the agency, which is reported to be the largest employer of mathematicians in the country.
“Unlike NSA, NIST doesn’t have a huge cryptography staff,” said Thomas Ptacek, the founder of Matasano Security. “NIST is not the direct author of many of most of its important standards.”
Matthew Scholl, the deputy chief at the Computer Security Division of the institute, echoed that statement: “As NIST Director Pat Gallagher has said in several public settings, NIST is designed to collaborate and the NSA has some of the world’s best minds in cryptography . . . We also have parallel missions to protect federal IT systems, so we will continue to work with the NSA.”
Some of these standards are products of public competitions among academic cryptography researchers, while others are the result of NSA recommendations. An important standard, known as SHA2, was designed by the NSA and is still trusted by independent cryptographers and software developers worldwide.
NIST withdrew one cryptographic standard, called Dual EC DRGB, after documents provided to news organizations by the former intelligence contractor Edward Snowden raised the possibility that the standard had been covertly weakened by the NSA.
Soon after, a leading cryptography company, RSA, told software writers to stop using the algorithm in a product it sells. The company promised to remove the algorithm in future releases.
Many cryptographers have expressed doubt about NIST standards since the initial revelations were published. One popular encryption library changed its webpage to boast that it did not include NIST-standard cryptography.
Silent Circle, a company that makes encryption apps for smartphones, promised to replace the encryption routines in its products with algorithms not published by NIST.
If the NIST review prompts significant changes to existing encryption standards, consumers will not see the benefit immediately.
“If the recommendations change, lots of code will need to change,” said Tanja Lange, a cryptographer at the University of Technology at Eindhoven, in the Netherlands. “I think that implementers will embrace such a new challenge, but I can also imagine that vendors will be reluctant to invest the extra time.”
In this month’s announcement, NIST pointed to its long history of creating standards, including the role it had in creating the first national encryption standard in the 1970s – the Data Encryption Standard, known as DES.
“NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard,” the bulletin said.
But even that early standard was influenced by the NSA. During the development of DES, the agency insisted that the algorithm use weaker keys than originally intended – keys more susceptible to being broken by super computers.
At the time, Whitfield Diffie, a digital cryptography pioneer, raised serious concerns about the keys.
“The standard will have to be replaced in as few as five years,” he wrote.
The weakened keys in the standard were not changed. DES was formally withdrawn by the institute in 2005.
The announcement is the latest effort by NIST to restore the confidence of cryptographers. A representative from NIST announced in a public mailing list, also this month, that the institute would restore the original version of a new encryption standard, known as SHA3, that had won a recent design competition but altered by the institute after the competition ended. Cryptographers charged that NIST’s changes to the algorithm had weakened it. The SHA3 announcement referred directly to cryptographers’ concerns.
“We were and are comfortable with that version on technical grounds, but the feedback we’ve gotten indicates that a lot of the crypto community is not comfortable with it,” wrote John Kelsey, NIST’s representative. There is no evidence the NSA was involved in the decision to change the algorithm.
The reversal took Matthew Green, a cryptographer at Johns Hopkins University, by surprise. “NIST backed down! I’m not sure they would have done that a year ago,” he said.

Previously:
* NSA Surveillance Drives Writers To Self-Censor.
* Filed: 22 Firsthand Accounts Of How NSA Surveillance Chilled The Right To Association.
* Claim On ‘Attacks Thwarted’ By NSA Spreads Despite Lack Of Evidence.
* Obama Vs. The World.
* How A Telecom Helped The Government Spy On Me.
* UN Member States Asked To End Unchecked Surveillance.
* Government Standards Agency: Don’t Follow Our Encryption Guidelines Because NSA.
* Five More Organizations Join Lawsuit Against NSA.
* A Scandal Of Historic Proportions.
* Item: NSA Briefing.
* The Case Of The Missing NSA Blog Post.
* The NSA Is Out Of Control.
* Patriot Act Author Joins Lawsuit Against NSA.
* Obama’s Promises Disappear From Web.
* Why NSA Snooping Is A Bigger Deal In Germany.
* Item: Today’s NSA Briefing.
* NSA Briefing: It Just Got Worse (Again).
* Song of the Moment: Party at the NSA.
* It Not Only Can Happen Here, It Is Happening Here.
* What NSA Transparency Looks Like.
* America’s Lying About Spying: Worse Than You Think.
* Obama Continues To Lie His Ass Off About The NSA.
* The Surveillance Reforms Obama Supported Before He Was President.
* America’s Spying: Worse Than You Think.
* Has The U.S. Government Lied About Its Snooping? Let’s Go To The Videotape.
* Who Are We At War With? That’s Classified.
* Six Ways Congress May Reform NSA Snooping.
* NSA Says It Can’t Search Its Own E-Mails.
* Does The NSA Tap That?
* Obama Explains The Difference Between His Spying And Bush’s Spying.
* FAQ: What You Need To Know About The NSA’s Surveillance Programs.
* NSA: Responding To This FOIA Would Help “Our Adversaries”.
* Fact-Check: The NSA And 9/11.
* The NSA’s Black Hole: 5 Things We Still Don’t Know About The Agency’s Snooping.
* Defenders Of NSA Surveillance Citing Chicago Case Omit Most Of Mumbai Plotter’s Story.
* Obama’s War On Truth And Transparency.
* ProPublica’s Guide To The Best Stories On The Growing Surveillance State.

See also:
* Jimmy Carter: America’s Shameful Human Rights Record.
* James Goodale: Only Nixon Harmed A Free Press More.
* Daniel Ellsberg: Obama Has Committed Impeachable Offenses.

Comments welcome.

Permalink

Posted on November 21, 2013