The National Institute of Standards and Technology (NIST)...

the standards in September amid reports that the National Security Agency engineered weaknesses into the NIST standards, which the International Organization for Standardization subsequently adopted (CD Sept 11 p10). NIST said it now recommends that current users of Dual_EC_DRBG transition to one of the other three approved algorithms “as quickly as possible.” Federal agencies and other entities buying cryptographic products should ask their vendors if the products use Dual_EC_DRBG, and if so, should ask vendors to reconfigure those products, NIST said. The agency said it will accept public comments on the revised 800-90 standards until May 23. NIST subsequently re-evaluated its cryptographic standards development process and has proposed a revised version of that process (http://1.usa.gov/1rg6mpG). The Center for Democracy & Technology, a critic of NSA’s involvement in NIST standards development, praised NIST in comments filed Friday for revising its standards development process. But the group also urged NIST to articulate due process and a pledge to avoid “undue influence” from parties like NSA (http://bit.ly/1eWzkL2). A coalition of eight other groups -- including the Electronic Frontier Foundation, the New America Foundation’s Open Technology Institute and TechFreedom -- said Monday in a letter to NIST that the agency must take “pro-active steps toward implementing a more transparent, accountable process for standards development.” The groups want NIST to avoid NSA influence in the future and allow more feedback from independent experts.