Tech agency reexamining cryptographic standards after NSA revelations

A federal agency is reexamining its computer security standards after reports that the NSA deliberately weakened those standards to more easily gain access to encrypted communications.

The National Institute of Standards and Technology announced late last week that it will review the way it develops cryptographic standards as well as its current cryptographic standards.

“Our mission is to protect the nation’s IT infrastructure and information through strong cryptography,” the agency wrote.

“We cannot carry out that mission without the trust and assistance of the world’s cryptographic experts. We’re committed to continually earning that trust.”

Once the agency completes its review, it will invite public comment and “bring in an independent organization to conduct a formal review of our standards development approach and to suggest improvements,” according to the statement. 

“Based on the public comments and independent review, we will update our process as necessary to make sure it meets our goals for openness and transparency, and leads to the most secure, trustworthy guidance practicable.”

Joe Hall, chief technologist at the Center for Democracy and Technology, commended the agency on its decision to renew its processes and standards.

“This is a very strong response to claims that NIST has been undermined by the NSA,” he said.

“I think it's clear that NIST wants people to have little doubt that the standards they approve are as good as they possibly can be.”