A few weeks ago, I disagreed with security luminary Bruce Schneier when he asserted that most vendors have NSA-friendly backdoors and cannot be trusted. Make no mistake, I don't dismiss the idea that some vendors capitulated to the NSA -- but I doubt it's most.
Bruce was probably alluding to the fact that some vendors have willingly worked with the security agency and inserted hidden backdoors the NSA can use. I'm guessing he's also referring to scenarios where the NSA was successful in placing weakened crypto in popular ciphers. The latter scenario has been played out at least twice in the last few decades. The trick is in figuring out which vendors participated as willing NSA partners.
The first instance I'm aware of where the NSA intentionally tried to weaken a public cipher was the DES (Data Encryption Standard), which was developed in the 1970s by IBM. It was a good cipher for its time, although it wouldn't be secure at all today due to its small key size (and the myriad of successful attacks).
DES was originally a 56-bit cipher, but the NSA made a modification that grew it to 64 bits, supposedly to make it more secure. A review by many of the world's cryptographers revealed that the extra eight bits added almost no extra security. This confused many experts and made them suspicious of the NSA. Why should a 56-bit cipher require a 64-bit encryption key? Nonetheless, as far as we know, the extra eight bits did not weaken DES.
Guess the magic number
Enter Dual_EC_DRBG, a discrete random number generator (RNG) introduced as a standard by NIST (National Institute of Standards and Technology). RNGs -- better termed pseudo-RNGs -- are the starting point for many cipher algorithms.