random numbers for encryption

NIST drops NSA-backed random number generator

In response to public concerns about cryptographic security, the National Institute of Standards and Technology has dropped Dual_EC_DRBG from its list of recommended algorithms for generating the random numbers needed to create secure cryptographic keys for encrypting data.

In its updated guidelines on mechanisms for reliably generating random numbers, NIST said it removed support for Dual_EC_DRBG because of concerns that it might contain a weakness that attackers could exploit to predict the outcome of random number generation.

Because Dual_EC_DRBG was proposed as a standard by the National Security Agency, some thought the NSA may have intentionally weakened it “to allow the agency to access communications protected by products that use Dual_EC,” according to ThreatPost.

NIST continues to recommend the other three algorithms that were included in the previous version of the Recommendation document, which was released in early 2012. 

The revised version also contains several other notable changes, according to NIST. One allows additional options for the use of the CTR_DRBG random number algorithm. Another change recommends reintroducing randomness into deterministic algorithms as often as it is practical, because refreshing them provides additional protection against attack. The document also includes a link to examples that can help developers implement the SP 800-90A random number generators correctly. 

The updated document, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, is available here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected