"Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members."
Wonder if it is referring to the Dual_EC_DRBG RNG.
Well, it goes on to say "Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency." The Dual_EC_DRBG vulnerability was revealed by two Microsoft researchers in 2007: http://rump2007.cr.yp.to/15-shumow.pdf
So I'd say yes, it sounds like that's what they're talking about.
Speaking of which, I'm really quite frustrated how many of these recent reports about the NSA elide the technical details. You have to read between the lines to figure out what's really going on, what weaknesses there really are.
As a matter of security, it would be better to know specifically what vulnerabilities there really are. Merely the announcement of vulnerabilities can allow a dedicated black-hat to find and exploit them; but someone who's trying to secure their system, and isn't following cryptography incredibly closely, won't know what they need to do or change to make their systems more secure against these types of attacks.
There's a reason that the security community advocates for full disclosure (or at least responsible disclosure, if it's possible to selectively disclose to a few vendors so they can do a coordinated release that fixes the vulnerability before it becomes public), in which you completely disclose a vulnerability so people aren't left guessing about it.
> Speaking of which, I'm really quite frustrated how many of these recent reports about the NSA elide the technical details.
Are you? Well, please sign up to work for the NSA, learn the technical details, then go public with them. The reason that the NYTimes isn't publishing the technical details is because they DON'T KNOW THEM. (They might not publish them if they did.) They don't know them because Edward Snowden was a system administrator, not a cryptography expert, and he's releasing memos about the process.
> "Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others."
NYT, the Guardian, etc. do have access to these details, but chose not to publish them.
They say that they were asked not to publish at all, but did so anyway and chose to remove some specific facts. I don't understand how you get from that to concluding that they know (and are suppressing) the particular vulnerabilities that the NSA is exploiting.
I assumed it was that, and that case is puzzling but benign, as the algorithm is much too slow to be chosen compared to the alternatives[1]. As far as anyone can tell this wasn't their best work:
If this story leaves you confused, join the club. I don't understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.
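To make the "public, and rather obvious" trap door concrete, here is a toy Dual_EC_DRBG added to this thread (it is not from any poster, and it uses a constructed 13-point curve over F_11, not NIST's P-256 constants): the designer's scalar e, the trapdoor d, the seed and the omission of the spec's 16-bit output truncation are all assumptions of the example. Whoever knows d such that d*Q = P can turn one output into the next internal state, which is exactly the relation the Shumow/Ferguson slides point at.

```python
# Toy Dual_EC_DRBG trapdoor (after the Shumow/Ferguson slides): constructed tiny curve, not NIST's.
P_MOD, A, B = 11, 1, 6   # curve y^2 = x^3 + x + 6 over F_11, which has 13 points
ORDER = 13               # prime and > P_MOD, so no x-coordinate is ever 0 mod ORDER
INF = None               # point at infinity
def add(p1, p2):
    """Affine point addition on the toy curve (handles doubling and inverses)."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

P = (2, 4)                # public base point, as the spec publishes P
E = 5                     # hypothetical designer's secret: Q = e*P ...
Q = mul(E, P)             # ... the spec never says how its Q was generated
D = pow(E, -1, ORDER)     # trapdoor d with d*Q = P

def dual_ec(state, n):
    """n outputs from internal state s: emit x(s*Q), then s <- x(s*P).
    (The real spec drops 16 bits of x; an attacker just brute-forces them.)"""
    out = []
    for _ in range(n):
        out.append(mul(state, Q)[0])
        state = mul(state, P)[0]
    return out

def recover_next_state(r, d):
    """From one output r = x(s*Q) and the trapdoor d, get the next state x(s*P)."""
    y = pow((r**3 + A*r + B) % P_MOD, (P_MOD + 1) // 4, P_MOD)  # sqrt, p = 3 mod 4
    return mul(d, (r, y))[0]  # d*(+-s*Q) = +-s*P, and both signs share an x-coordinate

def predict_after_leak(seed, n_seen, n_predict):
    """Attacker observes n_seen outputs and predicts the following n_predict."""
    return dual_ec(recover_next_state(dual_ec(seed, n_seen)[-1], D), n_predict)
```

The defensive takeaway is the one the critics drew at the time: a Q with no published, verifiable derivation must be treated as if someone holds d, so either generate Q verifiably at random or use a different DRBG.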