RSA vetoes NSA-linked encryption algorithm

RSA advises customers to stop using the encryption algorithm that leaked documents suggest contains a back door placed by the NSA

Security company RSA is advising developer customers to stop using an encryption algorithm that documents leaked by whistleblower Edward Snowden indicate contains a back door.

According to the leaked documents, the US National Security Agency (NSA) can bypass encryption that protects much of the data on the web.

Reports based on the documents said the NSA may have inserted a back door in the algorithm known as Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG).

In an attempt to restore faith in the encryption standards based on the algorithm, the US National Institute of Standards and Technology (Nist) has re-opened the public vetting process.

But RSA is advising developers to use alternative algorithms to the version under review, which is the default algorithm in one of RSA’s developer toolkits, according to

The security firm's advisory tells developers how to change the default to one of a number of other random number generator algorithms.

The advisory also notes that RSA has changed the default in its BSAFE toolkits and in an RSA key management system, RSA Data Protection Manager.

The company said that to “ensure a high level of assurance in their application, RSA strongly recommends customers discontinue use of Dual EC DRBG and move to a different pseudo random number generator (PRNG).”

According to reports, RSA is conducting an internal review of all of its products to ensure the NSA-fixed algorithm is not used in any of them.

In September 2013, the New York Times revealed exactly how the NSA compromised the encryption standard.

Internal memos leaked by Snowden suggest the NSA was responsible for one of the random number generators used in the 2006 Dual EC DRBG Nist standard.

As author of the random number generator, the NSA was able to predict the scrambling protocols, enabling it to access encrypted data.

The leaked memos also suggest the NSA worked behind the scenes to push the same standard into the ISO and to become the sole editor of the standard.

The New York Times said Snowden’s revelations had eroded confidence in Nist standards.
