Acknowledgements:
The National Institute of Standards and Technology (NIST) gratefully acknowledges.... Mike Boyle and Mary Baish from NSA for assistance in the development of this Recommendation
Yes, this is 8 years overdue. As djb points out in a letter to NIST here [1], this is not just about one specific NIST recommendation that had problems. There are problems with the standardization process as a whole.
Well, given for how long Dual_EC_DRBG has been under suspicion, one cannot congratulate NIST for a proactive stance on security. For what it's worth, just go to this page on the NIST homepage:
Random Number Generation
[...]
- Recommendation for Random Number Generation Using Deterministic Random Bit Generators
[...]
- Dual_EC_DRBG (link)
[...]
CryptoToolkit Webmaster, Disclaimer Notice & Privacy Policy
NIST is an Agency of the U.S. Department of Commerce
Last updated: Jan 30, 2006
If you read the bottom of NIST's press release, they've tasked their Visiting Committee on Advanced Technology (recently co-chaired by Vint Cerf) to do a review of NIST's crypto standardization process. Their review will be released to the public.
I've gotten a response from Walter Fumy on the ISO stance on Dual_EC_DRBG:
"Regarding Dual_EC_DRBG, SC 27 / WG 2 resolved at its April 2014 meetings in Hong Kong to issue a corrigendum to ISO/ IEC 18031:2011 with the effect of removing the Dual_EC_DRBG scheme from the standard.
Processing the corrigendum takes some time but should be completed by the end of 2014.
In parallel, SC 27 Standing Document SD 12 "Assessment of cryptographic algorithms and key lengths" will be updated to include appropriate advice regarding Dual_EC_DRBG. This should happen by the end of the month."
I found a presentation (pdf) from an ISO/IEC meeting in late 2013 by Walter Fumy regarding crypto with details on Dual_EC_DRBG and recommendations to ISO. (I've also submitted this to HN, don't know if that is ok, but I find the preso pretty interesting.)
So now we wait for the reaction from ISO and ANSI.
I have yet to see any reaction from either organisation regarding the standards ANSI X9.82, Part 3 and ISO/IEC 18031:2005, both of which include Dual_EC_DRBG.
NIST rightfully gets a lot of blame and shame for not reacting to Dual_EC_DRBG in a timely manner. But ANSI and ISO standardized Dual_EC_DRBG before NIST and AFAIK have been very numb (and deaf and blind) the whole time. Would love to be proven wrong.
Yes. Lots of large corporations and government agencies point to NIST standards when making purchasing decisions. So until this got officially updated, vendors were obligated to sell potentially insecure products.
There's NIST which publishes the definitions, and then there's FIPS which required the availability of Dual-EC DRBG.
Following FIPS is nontrivial. I've never heard of anyone doing it that wasn't the US government itself, or a contractor, or a stooge like RSA (which made Dual-EC their default crypto RNG).
The foot is defined as 12 inches, each inch is 25.4 millimeters. A meter is defined as "the length of the path travelled by light in vacuum during a time interval of 1/299792458 of a second." So the foot is defined in terms of exact rational seconds.
NIST offers calibration and measurement services for length.
http://nist.gov/calibrations/dimensional_links.cfm "Traceability to NIST" http://nist.gov/traceability/index.cfm is a big deal to people who care about calibration in the US. NIST and other national calibration labs circulate "transfer standards" amongst each other in order to ensure international agreement.
http://csrc.nist.gov/publications/drafts/800-90/sp800_90a_r1...