Stop using NSA-influenced code in our products, RSA tells customers | Ars Technica


RSA Security, a noted data security tool maker, is advising its customers to stop using its BSAFE toolkit and Data Protection Manager, because they apparently include a back-door-type vulnerability in the underlying cryptographic standard, which was engineered with input from the National Security Agency (“NSA”).

In particular, the Dual_EC_DRBG pseudorandom number generation routines used in these tools were deliberately compromised and/or crippled, thus undermining the security of most, if not all, of the cryptography systems that make use of them.

These vulnerabilities potentially extend to such products as the McAfee Firewall Enterprise Control Center and to other products using BSAFE or other systems relying upon Dual_EC_DRBG.

The concern arising from this intentionally introduced vulnerability is not only that it makes any data protected using this standard potentially open to penetration by governmental agencies, but also that it undermines the overall reliability of the encryption, thus throwing encryption based on this technology open to hacking by either foreign governments or criminal hackers.
