Major security firm: Avoid NSA-linked algorithm

RSA Security warns customers that standard encryption code may have been intentionally weakened with NSA backdoor


Natasha Lennard
September 20, 2013 4:47PM (UTC)

It is now widely understood, based on Edward Snowden's leaks, that the government had standard encryption algorithms intentionally weakened to provide a backdoor for NSA surveillance.

Essentially confirming these reports in the strongest possible terms, RSA Security -- the network security firm founded by the creators of the RSA public-key cryptography algorithm -- warned its developer customers to avoid using the widely implemented, NSA-weakened algorithm (known as Dual Elliptic Curve Deterministic Random Bit Generation, or "Dual EC DRBG").

Wired reports:

In its advisory, RSA said that all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C were affected.

In addition, all versions of RSA Data Protection Manager (DPM) server and clients were affected as well.

Having intentionally weakened the algorithm, the NSA reportedly used its influence to have the code added to the national standard for random number generators, which are used in everything from standard email encryption to firewalls to credit card transactions, by the private and government sectors alike. Wired noted, "The algorithm was approved by NIST [National Institute of Standards and Technology] in 2006 for a standard governing random number generators."

It is a troubling thought that government influence pervades even the mathematical formulae determining standard encryption, to enable easier surveillance.

As professor Matthew D. Green, a cryptographer at Johns Hopkins University, has commented on the issue: the “NSA has a hard time breaking encryptions, so what they’ve done is they actually tried to take the products that perform encryptions and make them worse, make it weaker so it is easier for them to break that encryption.”


Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.
