RSA: That NSA crypto-algorithm we put in our products? Stop using that

    Date27 Sep 2013
    CategoryCryptography
    5723
    Posted ByDave Wreski
    Security biz RSA has reportedly warned its customers to stop using the default random-number generator in its encryption products - amid fears spooks can easily crack data secured by the algorithm. All encryption systems worth their salt require a source of virtually unpredictable random values to create strong cryptographic keys and similar things; one such source is the NSA-co-designed pseudo-random-number generator Dual_EC_DRBG, or the Dual Elliptic Curve Deterministic Random Bit Generator, which is well known for being cryptographically weak: six years ago it was claimed that someone had crippled the design, effectively creating a backdoor [PDF] so that encryption systems that relied on it could be easily cracked.
    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"7","type":"x","order":"1","pct":87.5,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.