NIST removes Dual_EC_DRBG algorithm from draft guidance and suggests abandoning it

Pierluigi Paganini April 24, 2014

NIST announced it will request final public comments before the Dual_EC_DRBG generator is officially removed from NIST Special Publication 800-90A, Rev. 1.

The National Institute of Standards and Technology (NIST) has decided to abandon the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) in response to the controversy raised by Edward Snowden's revelations. In December the whistleblower leaked documents reporting that RSA signed a secret $10 million contract with the National Security Agency to implement the flawed Dual_EC_DRBG algorithm as the default choice in its bSafe Security solution.

RSA has always denied all the accusations. The company published a blog post rejecting the inferences about a secret partnership with the National Security Agency and about the use of the flawed algorithm as the default choice in its product.


NIST immediately ran for cover: it published an official announcement titled “NIST Removes Cryptography Algorithm from Random Number Generator Recommendations” recommending that Dual_EC_DRBG be abandoned and stating that it has been removed from its draft guidance on random number generators. NIST suggests adopting one of the three remaining approved algorithms in the publication: Hash_DRBG, HMAC_DRBG, and CTR_DRBG.

Following a public comment period and review, the National Institute of Standards and Technology (NIST) has removed a cryptographic algorithm from its draft guidance on random number generators. Before implementing the change, NIST is requesting final public comments on the revised document, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (NIST Special Publication 800-90A, Rev. 1).

Be aware: NIST didn’t remove it from its random number generator recommendations, in order to allow researchers to review the encryption standard and its robustness.

“Some commenters expressed concerns that the algorithm contains a weakness that would allow attackers to figure out the secret cryptographic keys and defeat the protections provided by those keys. Based on its own evaluation, and in response to the lack of public confidence in the algorithm, NIST removed Dual_EC_DRBG from the Rev. 1 document. The revised SP 800-90A is available at along with instructions for submitting comments.”

The operation aims to give more transparency to the cyber security community on algorithm efficiency.

“We want to assure the IT cyber security community that the transparent, public process used to rigorously vet our standards is still in place. NIST would not deliberately weaken a cryptographic standard,” NIST stated.

NIST recommends that vendors currently using Dual_EC_DRBG in their products select an alternative algorithm and not wait for further revision of the revised document.

“If a product uses Dual_EC_DRBG as the default random number generator, it may be possible to reconfigure the product to use a different default algorithm,” NIST reports.

NIST announced that the public comment period on Special Publication 800-90A will close on May 23.

(Security Affairs –  NIST, Dual_EC_DRBG )
