New York Times provides new details about NSA backdoor in crypto spec

Today, the New York Times reported that an algorithm for generating random numbers, which was adopted in 2006 by the National Institute of Standards and Technology (NIST), contains a backdoor for the NSA. The news followed a NYT report from last week, which indicated that the National Security Agency (NSA) had circumvented widely used (but then-unnamed) encryption schemes by placing backdoors in the standards that are used to implement the encryption.

In 2007, cryptographers Niels Ferguson and Dan Shumow presented research suggesting that there could be a potential backdoor in the Dual_EC_DRBG algorithm, which NIST had included in Special Publication 800-90. If the parameters used to define the algorithm were chosen in a particular way, they would allow the NSA to predict the supposedly random numbers produced by the algorithm. It wasn't entirely clear at the time that the NSA had picked the parameters in this way; as Ars noted last week, the rationale for choosing the particular Dual_EC_DRBG parameters in SP 800-90 was never actually stated.

Today, the NYT says that internal memos leaked by Edward Snowden confirm that the NSA generated the Dual_EC_DRBG algorithm. Publicly, however, the agency's role in development was significantly underbilled: “In publishing the standard, NIST acknowledged 'contributions' from NSA, but not primary authorship,” wrote the NYT. From there, the NSA pushed the International Organization for Standardization to adopt the algorithm, calling it “a challenge in finesse” to convince the organization's leadership.

Read 4 remaining paragraphs | Comments


International Standards, Reference Models and Publications Quick Guide

Mike the Architect  Standards Header

Van Haren Publishing recently published their 2012 - 2013 Global Standards and Publications book free online for all to use. 

I look at this book as a quick guide or a primer to the landscape of standards globally. The purpose isn't to give you deep knowledge into each one of these but rather give the overall landscape of standards that you can leverage in your day to day architecture efforts. As you seen in frameworks like TOGAF where the first step in is to "Select Reference Models", this is a one list you can pull from to see if there is any reuse out there so you don't have to go into the "think tank" and reinvent a practice, standard or tool that is already been vetted in the community. 

This book does a great job pulling in emerging standards and even some of the lesser known ones as well from around the globe. Below is a list of the standards covered in the book:

  • Agile
  • Amsterdam Information Management Model (AIM)
  • ArchiMate®
  • ASL®
  • Balanced Scorecard
  • BiSL®
  • CATS CM®
  • CMMI®
  • COBIT®
  • EFQM
  • eSCM-CL
  • eSCM-SP
  • Frameworx
  • ICB®
  • ISO 9001
  • ISO 14000
  • ISO/IEC 15504
  • ISO/IEC 27000 series
  • ISO 31000
  • ISO 38500
  • ISO/IEC 20000
  • ITIL®
  • Lean management
  • M_o_R®
  • MoP™
  • MSP®
  • P3O®
  • PMBOK® Guide
  • PRINCE2®
  • SABSA®
  • Scrum
  • Six Sigma
  • SqEME®
  • TMap® NEXT
  • TOGAF®


Download the publication here: