BSAFE EC_DRBG

2004 use Dual EC DRBG as the default in BSAFE toolkits
http://blogs.rsa.com/news-media-2/rsa-response/

2006, SP800-90, Deterministic Random Bit Generators (DRBGs).


2007 On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng
http://rump2007.cr.yp.to/15-shumow.pdf

2007-11-15 Did NSA Put a Secret Backdoor in New Encryption Standard?
https://www.schneier.com/essay-198.html


2009 Security Analysis of DRBG Using HMAC in NIST SP 800-90
http://repo.flib.u-fukui.ac.jp/dspace/bitstream/10098/2126/1/art.pdf


2012 SP800-90A Recommendation for Random Number Generation Using Deterministic Random Bit Generators
http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf

2013-09 The Many Flaws of Dual_EC_DRBG
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html?

2013-09 SUPPLEMENTAL ITL BULLETIN FOR SEPTEMBER 2013
http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf

http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/?_r=0

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/

Dual EC_DRBG
Dual Elliptic Curve Deterministic Random Bit Generator