Deliberately flawed? RSA Security tells customers to drop NSA-related encryption algorithm

20 Sep, 2013 10:31

An encryption algorithm with a suspected NSA-designed backdoor has been declared insecure by its developer after years of extensive use by customers worldwide, including US federal agencies and government entities.

Major US computer security company RSA Security, a division of EMC, privately warned thousands of its customers on Thursday to immediately discontinue using all versions of the company's BSAFE toolkit and Data Protection Manager (DPM), both of which use the Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) encryption algorithm to protect sensitive data.

“To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual_EC_DRBG [cryptographic keys generator] and move to a different PRNG [Pseudo-random Number Generator],” warned RSA’s letter, as quoted by The Wall Street Journal.

In the letter, RSA provided BSAFE Toolkit and DPM customers with a link to technical guidance on changing the PRNG settings in their products and promised to update the algorithm library.

The letter does not mention RSA’s flagship SecurID tokens, used by millions of employees around the world to get secure access to their corporate networks.

In 2006, the US National Institute of Standards and Technology (NIST), followed by the International Organization for Standardization, officially endorsed Dual_EC_DRBG, so encryption software based on it was used for years by both the private sector and US government agencies.

Last week the New York Times published new revelations by former National Security Agency contractor Edward Snowden, exposing that a crucial encryption algorithm in certain US-developed security software is based on a weak mathematical formula intentionally crippled to facilitate NSA access to encrypted data flows.

On Wednesday, the media outlet Ars Technica sent an inquiry to RSA asking whether it was going to alert its customers that the company’s BSAFE product operates a “deliberately crippled pseudo random number generator (PRNG), which is so weak that it undermines the security of most or all cryptography systems that use it.”

A mere 24 hours after that notification, RSA issued an advisory to stop using the compromised software.

The RSA letter never mentions the NSA, although “due to the debate around the Dual_EC_DRBG standard” the company invites experts to take part in the recently reopened public review of the SP 800-90 security standard by the National Institute of Standards and Technology (NIST).

According to NIST, RSA’s Dual_EC_DRBG tool is used in dozens of third-party products that implement cryptographic functions, such as McAfee Firewall Enterprise Control Center.

This means that all of them are also using the ‘corrected’ random number generator with an implanted backdoor used by the NSA, and, as Ars Technica suspects, no longer only by the NSA.

Ars Technica claims that an “untold number” of third-party products “may be bypassed not only by advanced intelligence agencies, but possibly by other adversaries who have the resources to carry out attacks.” Specially designed hardware using a simple trial-and-error method can relatively quickly go through possible keys until the correct one is generated.

What is more significant, Ars Technica warns, is that the BSAFE tool is the default RNG in a “large number of derivative crypto systems that are highly susceptible to being broken.”

From the very beginning, cryptography experts did not approve of NIST’s decision to choose Dual_EC_DRBG as a major encryption tool, and for years they speculated over its sluggish performance and its ‘discrete logarithm’ mathematical basis.

But a person familiar with the process told Reuters that NIST accepted Dual_EC_DRBG in the first place because many US government agencies were already using it.

As Professor Matthew Green, a cryptographer at Johns Hopkins University, claims in his latest publication, when NIST embraced Dual_EC_DRBG, the tool had no security proof.

Last week Professor Green told RT that the “NSA has a hard time breaking encryptions, so what they’ve done is they actually tried to take the products that perform encryptions and make them worse, make it weaker so it is easier for them to break that encryption.”

“[The] NSA is willing to make the US security a little bit weaker,” Green said.


Just this week Symantec computer security experts maintained they’ve identified an elite group of Chinese hackers who have targeted the systems of major US technology companies like Adobe, Dow Chemical, Google, Northrop Grumman, Yahoo and even Symantec itself since at least 2009.

Earlier in 2013, the NSA was exposed as an agency that had enjoyed control over global internet data flows for years, using its behemoth PRISM surveillance program along with other costly projects. But despite practically limitless web control capabilities, the agency failed to prevent foreign IT experts, particularly from China, from performing high-profile hacks of American companies and other entities.