A panel of top independent experts says US government standards for software may enable the National Security Agency to have a back door for its spying programs.
The experts, who published their conclusion on Monday, were hired by the National Institute of Standards and Technology (NIST), which is legally required to consult with the NSA to get security software approved.
Former NSA contractor Edward Snowden revealed in September that the NSA detects back doors to circumvent the software’s efficacy and doesn't report it back to the institute.
The software programs are widely used coding formulas designed to prevent interception and hacking. The board of independent experts has concluded that NIST needs to review its obligation to confer with the NSA and seek legal changes.
Noting the partially obscured hand of the NSA in creating Dual Elliptic Curve - which Reuters reported was most broadly distributed by security firm RSA - the group delved into the details of how it and other NIST standards emerged. It found incomplete documentation and poor explanations in some cases.
"It is possible that the specified curves contain a back door somehow," said Massachusetts Institute of Technology professor Ron Rivest, a co-founder of RSA and the source of the letter R in its name. Though the curves could be fine, he wrote, "It seems prudent to assume the worst and transition away."
More broadly, Rivest wrote, "NIST should ask the NSA for full disclosure regarding all existing standards... If NSA refuses to answer such an inquiry, then any standard developed with significant NSA input should be assumed to be 'tainted,'" absent proof of security acceptable to outsiders.
Read more: PressTV - US standards for software may allow 'back doors' for the NSA: Experts