Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

September 11, 2013

…all the people all the time.

Filed under: Cybersecurity,Encryption,NSA,Security — Patrick Durusau @ 5:18 pm

NIST has proven Lincoln’s adage:

You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time. (emphasis added)

Frank Konkel writes in "NIST reopens NSA-altered standards" that:

The National Institute of Standards and Technology reopened the public comment period for already-adopted encryption standards that, according to leaked top-secret documents, were deliberately weakened by the National Security Agency.

Reopening the standards in question – Special Publication 800-90A and draft Special Publications 800-90B and 800-90C – gives the public a chance to weigh in again on encryption standards that were approved by NIST in 2006 for federal and worldwide use.

The move came Sept. 10, a swift response from NIST after several media outlets, including FCW, published articles that questioned the agency’s cryptographic standards development process after the leaks surfaced.
(…)

For your convenience:

Special Publication 800-90A

Draft SP 800-90 A Rev. 1

Draft SP 800-90 B

Draft SP 800-90 C

Disclaimer: I am reporting these links as they appear on the http://csrc.nist.gov website. The content they return may or may not be true and correct copies of the documents listed.

On the topic of reopened public comments, the following was posted at: http://csrc.nist.gov/publications/PubsDrafts.html:

In light of recent reports, NIST is reopening the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C.

NIST is interested in public review and comment to ensure that the recommendations are accurate and provide the strongest cryptographic recommendations possible.

The public comments will close on November 6, 2013. Comments should be sent to RBG_Comments@nist.gov.

In addition, the Computer Security Division has released a supplemental ITL Security Bulletin titled “NIST Opens Draft Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, For Review and Comment (Supplemental ITL Bulletin for September 2013)” to support the draft revision effort.

If NIST got fooled (a pretty big if), then rather than hiding that possibility, NIST wants more public examination and comment to uncover it.

If you have the time and expertise, please contribute to this reexamination of these important encryption standards.

The NSA can corrupt the standards process if and only if enough of us stay home. Let’s disappoint them.
