Security company RSA is advising developer customers to stop using an encryption algorithm that documents leaked by whistleblower Edward Snowden indicate contains a backdoor.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
According to the leaked documents, the US National Security Agency (NSA) can bypass encryption that protects much of the data on the web.
Reports based on the documents said the NSA may have inserted a back door in the algorithm known as Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG).
But RSA is advising developers to use alternative algorithms to the version under review, which is the default algorithm in one of RSA’s developer toolkits, according to Wired.com.
The security firm advisory tells developers how to change the default to one of a number of other random number generator algorithms.
The advisory also notes that RSA has also changed the default in its BSAFE toolkits and in an RSA key management system, RSA Data Protection Manager.
Read more about Prism
- Security Think Tank: Prism fallout could be worse than security risks
- Security Think Tank: Prism is dangerous for everyone
- Security Think Tank: Prism – Sitting duck or elaborate honeypot?
- NSA surveillance whistleblower reveals identity
- US repeatedly hacked China, claims NSA whistleblower
- FBI spies on internet users
- UK links to US internet surveillance remain unclear
- Technology companies call for more transparency over data requests
- Compliance: The Edward Snowden, NSA program controversy continues
The company said that to “ensure a high level of assurance in their application, RSA strongly recommends customers discontinue use of Dual EC DRBG and move to a different pseudo random number generator (PRNG).”
According to reports, RSA is conducting an internal review of all of its products to ensure the NSA-fixed algorithm is not used in any of them.
In September 2013, the New York Times revealed exactly how the NSA compromised the encryption standard.
Internal memos leaked by Snowden suggest the NSA was responsible for one of the random number generators used in the 2006 Dual EC DRBG Nist standard.
As author of the random number generator, the NSA was able to predict the scrambling protocols, enabling it to access encrypted data.
The leaked memos also suggest NSA worked behind the scenes to push the same standard into the ISO and to become the sole editor of the standard.
The New York Times said Snowden’s revelations had eroded confidence in Nist standards.