Adopted by the organization in 2006, the standard was apparently authored almost exclusively by NSA cryptographic experts, and includes four Deterministic Random Bit Generators among which is one called Dual_EC_DRBG that should create random numbers to seed encryption keys but, as it turns out, the random numbers it produces have a small bias.
This does not come as a shock to expert cryptographer Bruce Schneier, nor his colleagues Dan Shumow and Niels Ferguson who, in 2007, published research detailing the flaw and theorizing that it is a deliberate back door. At the time, Schneier was puzzled as to why the NSA was so insistent about including this generator in the standard.
"It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy," he pointed out, and recommended that nobody use it.
According to the NYT, the standard was not only adopted by NIST, but by the International Organization for Standardization and Canada’s Communications Security Establishment, as well.
NIST has reacted to the revelation by stating that it "would not deliberately weaken a cryptographic standard" and that they would continue their mission "to work with the cryptographic community to create the strongest possible encryption standards for the US government and industry at large."
"NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA," they further explained.
Finally, in a gesture of good will and in the hopes to regain some of the trust they have lost from the security community, they have reopened the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C so that the public can peruse and comment on the standard for a second time.
"If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible," they concluded.