The updated document, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, describes algorithms that can be used to reliably generate random numbers, a key step in data encryption.
In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren’t connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.
Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.
I’d like to request the removal of Kevin Igoe from CFRG co-chair.
The Crypto Forum Research Group is chartered to provide crypto advice to IETF Working Groups. As CFRG co-chair for the last 2 years, Kevin has shaped CFRG discussion and provided CFRG opinion to WGs.
Kevin’s handling of the “Dragonfly” protocol raises doubts that he is performing these duties competently. Additionally, Kevin’s employment with the National Security Agency raises conflict-of-interest concerns.
LOL. No one trusts the NSA anymore.
NIST’s standard for random numbers used for cryptography, published in 2006, had been weakened by the NSA. Companies such as banks and financial institutions that rely on encryption to guarantee customer privacy depend on this standard. The nature of the subversions sounds abstruse: the random-number generator, the ‘Dual EC DRBG’ standard, had been hacked by the NSA so that its output would not be as random as it should have been. That might not sound like much, but if you are trying to break an encrypted message, the knowledge that it is hundreds or thousands of times weaker than advertised is a great encouragement.
The attack against the Ivy Bridge processors sabotages random number generator (RNG) instructions Intel engineers added to the processor. The exploit works by severely reducing the amount of entropy the RNG normally uses, from 128 bits to 32 bits. The hack is similar to stacking a deck of cards during a game of Bridge. Keys generated with an altered chip would be so predictable an adversary could guess them with little time or effort required. The severely weakened RNG isn’t detected by any of the “Built-In Self-Tests” required for the P800-90 and FIPS 140-2 compliance certifications mandated by the National Institute of Standards and Technology.
An RSA public key (e,N) consists of an exponent e and a modulus N. The modulus is the product of two randomly chosen prime numbers p and, q. If p and q are known, it is straightforward to derive the private key. However, if they are unknown, one must factor N into p and q, which requires intensive computing resources. However, let’s assume that two keys with modulus N1 and N2 share one of the factors: N1 = p1 x q and N2 = p2 x q. In this case, finding the greatest common divisor of N1 and N2, which is q, is sufficient to factor these two moduli. The task of finding the greatest common divisor of two 1024-bit integers is much simpler than factoring and can be done in microseconds…
This well known vulnerability of RSA can be exploited in the context of low entropy keys. Poor random number generation can indeed lead to multiple keys sharing one of their factors. Heninger found that more than 60’000 keys (approximately 0.5%) they had collected could be factored in this way.