Random number generator attack
===Possible backdoor in Elliptic Curve DRBG===
The U.S. [[National Institute of Standards and Technology]] has published a collection of "deterministic random bit generators" it recommends as NIST Special Publication 800-90.<ref> {{cite journal | url=http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf | title=Recommendation for Random Number Generation Using Deterministic Random Bit Generators | journal=[[NIST]] | date=January 2012 |author1=Barker, Elaine |author2=Kelsey, John | doi=10.6028/NIST.SP.800-90A }} </ref> One of the generators, [[Dual_EC_DRBG]], was favored by the [[National Security Agency]].<ref> {{cite journal |last=Schneier |first=Bruce |title=Did NSA Put a Secret Backdoor in New Encryption Standard? |url=https://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115 |journal=[[Wired (website)|Wired]] |archiveurl=https://web.archive.org/web/20080511193207/http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115 |archivedate=May 11, 2008 |date=November 15, 2007}} [https://www.schneier.com/essay-198.html Alt URL] </ref> Dual_EC_DRBG uses [[elliptic curve cryptography|elliptic curve technology]] and includes a set of recommended constants. In August 2007, Dan Shumow and Niels Ferguson of [[Microsoft]] showed that the constants could be constructed in such a way as to create a [[kleptographic]] [[Backdoor (computing)|backdoor]] in the algorithm.<ref> {{cite web |title=On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng |url=http://rump2007.cr.yp.to/15-shumow.pdf |work=cr.yp.to/ |author=Shumow, Dan |author2=Ferguson, Niels |date=21 August 2007}} </ref> In September 2013 ''The New York Times'' wrote that "the N.S.A. had inserted a back door into a 2006 standard adopted by N.I.S.T... called the Dual EC DRBG standard",<ref>{{cite news| url=http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/ | newspaper=The New York Times | first1=Nicole | last1=Perlroth | title=Government Announces Steps to Restore Confidence on Encryption Standards | date=10 September 2013}}</ref> thereby revealing that the NSA carried out a malware attack against the American people. In December 2013, Reuters reported that documents released by [[Edward Snowden]] indicated that the [[NSA]] had paid [[RSA Security]] $10 million to make Dual_EC_DRBG the default in their encryption software, and raised further concerns that the algorithm might contain a backdoor for the NSA.<ref>{{cite news | url=https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220 | title=Exclusive: Secret contract tied NSA and security industry pioneer | date=December 20, 2013 | work=Reuters | accessdate=December 20, 2013 | author=Menn, Joseph | location=San Francisco}}</ref> Due to these concerns, in 2014, NIST withdrew Dual EC DRBG from its draft guidance on random number generators, recommending "current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible."<ref>{{cite news| url=https://www.nist.gov/itl/csd/sp800-90-042114.cfm | work=National Institute of Standards and Technology | title=NIST Removes Cryptography Algorithm from Random Number Generator Recommendations | date=21 April 2014}}</ref>