NIST denies NSA tampering with encryption standards
Although NIST must work with NSA by law, the agency maintains a public vetting process for all encryption standards
IDG News Service - The U.S. National Institute of Standards and Technology (NIST) has vigorously denied that the U.S. National Security Agency (NSA) tampered with NIST's process of vetting and choosing encryption algorithms.
"NIST would not deliberately weaken a cryptographic standard," NIST said in a statement Tuesday. "We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large."
The statement was issued five days after The New York Times accused the NSA of circumnavigating the NIST-approved encryption algorithms used to secure electronic communications, either by introducing virtually undetectable back doors in the algorithms or by subverting the public development process to weaken new encryption algorithms and supporting technologies.
NIST led development of many of the algorithms used to encrypt data on the Internet, such as AES (Advanced Encryption Standard) and the now largely defunct DES (Digital Encryption Standard). Both AES and DES are used in SSL (Secure Socket Layer), the protocol used by browsers to secure sensitive data.
In addition to issuing the statement, NIST has also reopened public comments for a number of proposed encryption related standards, namely Special Publication 800-90A and draft Special Publications 800-90B and 800-90C, which cover the random bit generators that provide random numbers to seed encryption keys.
NIST noted that it has worked closely with the NSA to help develop encryption standards, due to the NSA's expertise in this area. NIST is also required to consult with the NSA by U.S. legal statute. But the agency noted that its process for vetting encryption algorithms is an open one, in which anyone can review and comment on the work being done.
"If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible," the statement read.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
Top Considerations for Moving to a Cloud Delivery Model for ITSM
Find out whether SaaS-based ITSM is right for you
- Software-as-a-service is more than just a cloud-based delivery model-it's a new approach to service that lets companies optimize utilization of in-house IT resources... All Government IT White Papers
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government View this IBM webinar to learn about the challenges and opportunities in fraud reduction, waste, and abuse in government programs and agencies. You...
- Pre-Engineered solutions from VCE Simplify Core Infrastructure Implementation In this video, the CTO of Purdue Pharma, a privately held pharmaceutical company explains how Purdue transformed their data center infrastructure with VCE.
- Integrated Infrastructure: Simplify Operations, Speed Deployments and Reduce Costs George Weiss, Gartner Vice President and Analyst, and Praveen Akkiraju, CEO of VCE, provide practical information regarding the various aspects of Integrated Infrastructures...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.