In a technical description of Dual EC DRBG's "parameters, P & Q," which came "ultimately from designers of Dual EC DRBG at NSA," the basic question is: "What if you don't trust the people who generated P and Q?"
The NIST document then states, "P and Q can be generated to insert a backdoor," noting this issue was raised years ago. The NIST document says news stories suggesting that Dual EC had a trap door inserted by the NSA "put the discussions in an entirely different light." NIST issued a "bulletin telling everyone to stop using Dual EC DRBG until further notice" back in the fall of last year.
"Our current plan is to remove Dual EC DRBG," the NIST document states. "Its performance is pretty slow; many vendors have already scrambled to remove or disable it in their products." The document says there may be a "phase-out period."
The topic of the NSA and trust keeps grinding along in countless media reports. Today, for instance, at the World Economic Forum Annual Meeting in Davos, Switzerland, Yahoo CEO Marissa Mayer is quoted as saying during a panel discussion that she wants the Obama administration to provide greater transparency on data collected by the NSA. "We need to be able to rebuild trust with our users, not only in the U.S. but internationally," she said.
However, in his speech about the NSA last week, President Obama did not take up the prickly topic of NSA backdoors or weakening encryption, and he gave no indication that he will.