WASHINGTON: United States intelligence agency the NSA subverted a standards process to be able to break encryption more easily, according to leaked documents, the British Broadcasting Corporation reported on Wednesday.
It had written a flaw into a random-number generator that would allow the agency to predict the outcome of the algorithm, the New York Times reported.
The agency had used its influence at a standards body to insert the backdoor, said the report.
The NSA had made no comment at the time of writing.
According to the report, based on a memo leaked by former NSA contactor Edward Snowden, the agency had gained sole control of the authorship of the Dual_EC_DRBG algorithm and pushed for its adoption by the National Institute of Standards and Technology into a 2006 US government standard.
The NSA had wanted to be able to predict numbers generated by certain implementations of the algorithm, to crack technologies using the specification, said the report.
Nist standards are developed to secure US government systems and used globally.
The standards body said that its processes were open, and that it “would not deliberately weaken a cryptographic standard”.
“Recent news reports have questioned the cryptographic standards development process at Nist,” the body said in a statement.
“We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place.”
It was unclear which software and hardware had been weakened by including the algorithm, according to software developers and cryptographers.
For example, Microsoft had used the algorithm in software from Vista onwards, but had not enabled it by default, users on the Cryptography Stack Exchange pointed out.
The algorithm has been included in the code libraries and software of major vendors and industry bodies, including Microsoft, Cisco Systems, RSA, Juniper, RIM for Blackberry, OpenSSL, McAfee, Samsung, Symantec, and Thales, according to Nist documentation.NSA ‘altered random-number generator’ by ngcareers