Major security firm: Avoid NSA-linked algorithm

RSA Security warns customers that standard encryption code may have been intentionally weakened with NSA backdoor

Published September 20, 2013 12:47PM (EDT)


It is now widely understood, based on Edward Snowden's leaks, that the government had standard encryption algorithms intentionally weakened to provide a backdoor for NSA surveillance.

Essentially confirming these reports in the strongest possible terms, RSA Security -- the network security firm born of the same creators of the RSA public key cryptography algorithm -- warned its developer customers to avoid using the widely implemented, NSA-weakened algorithm (known as Dual Elliptic Curve Deterministic Random Bit Generation, or "Dual EC DRBG").

Wired reports:

In its advisory, RSA said that all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C were affected.

In addition, all versions of RSA Data Protection Manager (DPM) server and clients were affected as well.

The NSA reportedly used its influence, having intentionally weakened the encryption algorithm, to have the code added to the national standard for random number generators, used in everything from standard email encryption, to firewalls, to credit card transactions -- used by private and government sectors alike. Wired noted, "The algorithm was approved by NIST [National Institute of Standards and Technology] in 2006 for a standard governing random number generators."

It is a troubling thought that government influence pervades even the mathematical formulae determining standard encryption, to enable easier surveillance.

As professor Matthew D. Green, a cryptographer at Johns Hopkins University, has commented on the issue: the “NSA has a hard time breaking encryptions, so what they’ve done is they actually tried to take the products that perform encryptions and make them worse, make it weaker so it is easier for them to break that encryption.”

By Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email

MORE FROM Natasha Lennard

Related Topics ------------------------------------------

Algorithm Backdoor Cryptography Dual Ec Drbg Encryption Nsa Rsa Rsa Security Surveillance