Government Standards Agency “Strongly” Suggests Dropping its Own Encryption Standard – Encryption
But in a little-noticed footnote, NIST went a step further, saying it is “strongly” recommending against even using one of the standards. The institute sets standards for everything from the time to weights to computer security that are used by the government and widely adopted by industry.
In its statement Tuesday, NIST acknowledged that the NSA participates in creating cryptography standards “because of its recognized expertise” and because NIST is required by law to consult with the spy agency.
“We are not deliberately, knowingly, working to undermine or weaken encryption,” NIST chief Patrick Gallagher said at a public conference Tuesday.
Various versions of Microsoft Windows, including those used in tablets and smartphones, contain implementations of the standard, though the NSA-influenced portion isn’t enabled by default. Developers creating applications for the platform must choose to enable it.
The New York Times noted earlier this week that documents provided by Snowden show the spy agency played a crucial role in writing the standard that NIST is now cautioning against using, which was first published in 2006.