Major security firm: Avoid NSA-linked algorithm

RSA Security warns customers that standard encryption code may have been intentionally weakened with NSA backdoor

Topics: NSA, encryption, algorithm, RSA, RSA Security, Surveillance, backdoor, cryptography, Dual EC DRBG


It is now widely understood, based on Edward Snowden’s leaks, that the government had standard encryption algorithms intentionally weakened to provide a backdoor for NSA surveillance.

Essentially confirming these reports in the strongest possible terms, RSA Security — the network security firm founded by the creators of the RSA public-key cryptography algorithm — warned its developer customers to avoid using the widely implemented, NSA-weakened algorithm (known as Dual Elliptic Curve Deterministic Random Bit Generation, or “Dual EC DRBG”).

Wired reports:

In its advisory, RSA said that all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C were affected.

In addition, all versions of RSA Data Protection Manager (DPM) server and clients were affected as well.



Having intentionally weakened the encryption algorithm, the NSA reportedly used its influence to have the code added to the national standard for random number generators, which are used in everything from standard email encryption to firewalls to credit card transactions, by private and government sectors alike. Wired noted, “The algorithm was approved by NIST [National Institute of Standards and Technology] in 2006 for a standard governing random number generators.”

It is a troubling thought that government influence pervades even the mathematical formulae determining standard encryption, to enable easier surveillance.

As professor Matthew D. Green, a cryptographer at Johns Hopkins University, has commented on the issue: the “NSA has a hard time breaking encryptions, so what they’ve done is they actually tried to take the products that perform encryptions and make them worse, make it weaker so it is easier for them to break that encryption.”

Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.
