Lucian Constantin reports:
The National Institute of Standards and Technology needs to hire more cryptographers and improve its collaboration with the industry and academia, reducing its reliance on the U.S. National Security Agency for decisions around cryptographic standards.
Lack of internal expertise in certain areas of cryptography and too much trust in the NSA led the NIST to ignore security concerns about a pseudorandom number generator called Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) in 2006, technical experts who reviewed the organization’s standards development process said in a report released Monday.
Read more on Computerworld.