Sunday, October 6, 2013

Dual_EC_DRBG Usage in Evaluations

This information is intended to be of use to those working under any of the CCRA national evaluation schemes, some of which are updating their policies on this topic. This blog post is not intended as an atsec opinion about the underlying issues.

On September 9th this year, NIST posted the following announcement:

In light of recent reports, NIST is reopening the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C.
NIST is interested in public review and comment to ensure that the recommendations are accurate and provide the strongest cryptographic recommendations possible. The public comments will close on November 6, 2013. Comments should be sent to

In addition, the Computer Security Division has released a supplemental ITL Security Bulletin titled "NIST Opens Draft Special Publication 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, For Review and Comment (Supplemental ITL Bulletin for September 2013)" to support the draft revision effort.
The above-mentioned ITL Security Bulletin makes the following recommendation:
NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used.
We have found that the following Protection Profiles allow Dual_EC_DRBG to be claimed as one of the optional selections for the random bit generator in FCS_RBG_EXT.1:
  • Protection Profile for Software Full Disk Encryption
  • Protection Profile for USB Flash Drives
  • Security Requirements for Mobile Operating Systems
  • Security Requirements for Voice Over IP Application
  • Network Device Protection Profile (NDPP) Extended Package VPN Gateway
  • Protection Profile for Network Devices
  • Standard Protection Profile for Enterprise Security Management Policy Management
  • Standard Protection Profile for Enterprise Security Management Identity and Credential Management
  • Standard Protection Profile for Enterprise Security Management Access Control
  • Protection Profile for IPsec Virtual Private Network (VPN) Clients
  • Protection Profile for Wireless Local Area Network (WLAN) Access Systems
  • Protection Profile for Wireless Local Area Network (WLAN) Clients
Since the national schemes differ in their policies on this topic, we recommend that vendors and labs check with their scheme before including this algorithm in their security claims.

~the atsec team
