NSA-engineered cybersecurity hole prompts RSA to drop network encryption standard

By on September 20, 2013, 2:30 PM

The NSA is long suspected of engineering intentional security holes to a network standard algorithm some seven years ago that allowed it to circumvent encryption systems. Now, the US federal cybersecurity agency responsible for these types of standards wants the matter to be re-examined, saying that it will be reopening discussions surrounding the security of the specific algorithm.

This has prompted network security company RSA to tell its developers to stay away from the standard completely. The security firm is now recommending that all its devs stop using the algorithm pending further inspection by the National Institute of Standards and Technology.

The suspicions are based on leaked internal NSA documents that seemingly confirm the agency's involvement in tampering with the standard. In fact, the documents pointed at the company eventually taking full control of it and then forcing it through the International Organization for Standardization approval process.

RSA currently employs this specific standard (SP 800–90A Dual Ellipctic Curve Deterministic Random Bit Generation) as the default in its BSAFE security libraries. The company is instructing developers how to properly replace the number generator with something that the NSA isn't known to be tapped into.




User Comments: 3

Got something to say? Post a comment
Darth Shiv Darth Shiv said:

Great to see that action is being taken to protect people. If the NSA knows the exploits, how long until even more malicious people or organisations do?

Guest said:

Who do you thing commissions the NSA to do what they do, the American Populace? We're their prey.

Guest said:

Terrorist rejoice!

Us stupid Western folk just tore down another of our defences. Our never ending guilt complex will let your backwards methods kill us all eventually, as we embrace the false panacea of equality and freedom for all thereby removing all barricades to annihilation of our society.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.