Feeds

Kill dodgy RNG says NIST

But you already knew that, right?

Top 5 reasons to deploy VMware with Tegile

NIST has said what we already knew: the Dual Elliptic Curve Deterministic Random Bit Generator, Dual_EC_DRBG, is a dead duck and should be abandoned by anyone still using it.

In this document, the US standards-setter is seeking comment on the final version of its Recommendation for Random Number Generation Using Deterministic Random Bit Generators document.

NIST's recommendation merely formalises advice it gave in 2013 when debate over the weak random number generator first emerged, courtesy of the “RSA scandal” in which it was alleged that the NSA had not only championed use of the weak random number generator, but that RSA had been paid to insert Dual_EC_DRBG and use it by default.

In spite of the “old news” nature of the announcement, it's something that matters to vendors, since NIST notes that ditching Dual_EC_DRBG is mandatory for any vendors that want their products to comply with US federal government guidance. Vendors, the standards body says, should not await further revisions to the recommendation document.

Users of crypto products who have been living under a rock, and therefore haven't already reconfigured their systems to use one of the other available random number generators, are reminded to do so now.

The alternative random number modules endorsed by NIST are Hash_DRBG, HMAC_DRBG, or CTR_DRBG. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.