News

RSA vetoes NSA-linked encryption algorithm

Warwick Ashford

Security company RSA is advising developer customers to stop using an encryption algorithm that documents leaked by whistleblower Edward Snowden indicate contains a backdoor.

According to the leaked documents, the US National Security Agency (NSA) can bypass encryption that protects much of the data on the web.

44733_security-image.jpg

Reports based on the documents said the NSA may have inserted a back door in the algorithm known as Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG).

In an attempt to restore faith in the encryption standards based on the algorithm, the US National Institute of Standards and Technology (Nist) has re-opened the public vetting process.

But RSA is advising developers to use alternative algorithms to the version under review, which is the default algorithm in one of RSA’s developer toolkits, according to Wired.com.

The security firm advisory tells developers how to change the default to one of a number of other random number generator algorithms.

The advisory also notes that RSA has also changed the default in its BSAFE toolkits and in an RSA key management system, RSA Data Protection Manager.

The company said that to “ensure a high level of assurance in their application, RSA strongly recommends customers discontinue use of Dual EC DRBG and move to a different pseudo random number generator (PRNG).”

According to reports, RSA is conducting an internal review of all of its products to ensure the NSA-fixed algorithm is not used in any of them.

In September 2013, the New York Times revealed exactly how the NSA compromised the encryption standard.

Internal memos leaked by Snowden suggest the NSA was responsible for one of the random number generators used in the 2006 Dual EC DRBG Nist standard.

As author of the random number generator, the NSA was able to predict the scrambling protocols, enabling it to access encrypted data.

The leaked memos also suggest NSA worked behind the scenes to push the same standard into the ISO and to become the sole editor of the standard.

The New York Times said Snowden’s revelations had eroded confidence in Nist standards.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy