Justin Kahn
Posts: 752 +6
The NSA is long suspected of engineering intentional security holes to a network standard algorithm some seven years ago that allowed it to circumvent encryption systems. Now, the US federal cybersecurity agency responsible for these types of standards wants the matter to be re-examined, saying that it will be reopening discussions surrounding the security of the specific algorithm.
This has prompted network security company RSA to tell its developers to stay away from the standard completely. The security firm is now recommending that all its devs stop using the algorithm pending further inspection by the National Institute of Standards and Technology.
The suspicions are based on leaked internal NSA documents that seemingly confirm the agency's involvement in tampering with the standard. In fact, the documents pointed at the company eventually taking full control of it and then forcing it through the International Organization for Standardization approval process.
RSA currently employs this specific standard (SP 800–90A Dual Ellipctic Curve Deterministic Random Bit Generation) as the default in its BSAFE security libraries. The company is instructing developers how to properly replace the number generator with something that the NSA isn't known to be tapped into.
