NOT JUST ONE! RSA adopted Two NSA Backdoored Encryption Tools

The reputation of the respected encryption and network security company RSA Security (now a division of EMC) was already at stake after former NSA contractor Edward Snowden revealed that the NSA had created a flawed random number generation system, Dual_EC_DRBG (Dual Elliptic Curve), which RSA, the most trusted security provider company, used in its BSafe security tool.

Before RSA could recover from this aspersion, a new document from Snowden revealed that RSA received $10 million from the NSA for keeping encryption weak.

Researchers from Johns Hopkins, the University of Wisconsin, and the University of Illinois have claimed that RSA adopted one more NSA-recommended tool, an extension for secure websites called Extended Random, which actually helps the NSA crack a version of the Dual Elliptic Curve software tens of thousands of times faster, Reuters reported.

Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) is a cryptographically secure pseudorandom number generator that was developed by National Security Agency (NSA) cryptographers and later adopted by RSA in its BSafe security kit.

"While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection."

RSA, firmly denying the allegations, said it had not intentionally weakened security in any product. Extended Random had been removed from RSA's protection software in the last six months.

"We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure."

It has not yet been disclosed whether RSA also took any money from the NSA for adding this second backdoor. But the story once again raises some disturbing questions about the relationship between the US intelligence agency NSA and the security provider company RSA.
