The panel of experts also looked at two other issues: NIST's decision to recommend NSA-chosen elliptic curves for ECDSA (Elliptic Curve Digital Signature Algorithm) in the FIPS 186 (Digital Signature Standard), and the recommendation of certain NSA-designed cipher modes for specific uses in the SP 800-38 series (Recommendation for Block Cipher Modes of Operation), despite evidence of security weaknesses.
The damage caused by a Dual_EC_DRBG backdoor may be small because few users may have actually used the pseudorandom number generator, Rivest said. However, "the damage to NIST and its credibility for developing trustworthy cryptographic standards is considerable. Not only do other NIST standards developed in coordination with the NSA now need critical review, but the process for developing future standards needs re-assessment and reformulation."
"NIST may seek the advice of the NSA on cryptographic matters but it must be in a position to assess it and reject it when warranted," VCAT said in its report. "This may be accomplished by NIST itself or by engaging the cryptographic community during the development and review of any particular standard."
Sign up for Computerworld eNewsletters.