NIST Removes NSA-Tainted Algorithm From Cryptographic Standards

The National Institute of Standards and Technology has finally removed a cryptographic algorithm from its draft guidance on random number generators, more than six months after leaked top-secret documents suggested the algorithm had been deliberately sabotaged by the National Security Agency.

The announcement came as NIST opened to a final round of public comments its revised Special Publication 800-90a, which contains three algorithms now that the Dual Elliptic Curve Deterministic Random Bit Generator has been removed following negative feedback from the public.

According to documents leaked by former contractor Edward Snowden in September, NSA “became the sole editor” of Special Publication 800-90 and allegedly introduced weaknesses to the now-removed algorithm.

NIST responded swiftly to that news, recommending against using the standards and suggesting reopening them to public scrutiny in an effort to rebuild trust with the public.