comments_image Comments

Major security firm: Avoid NSA-linked algorithm

It is now widely understood, based on Edward Snowden's leaks, that the government had standard encryption algorithms intentionally weakened to provide a backdoor for NSA surveillance.

Essentially confirming these reports in the strongest possible terms, RSA Security -- the network security firm borne of the same creators of the RSA public key cryptography algorithm -- warned its developer customers to avoid using the widely implemented, NSA-weakened algorithm (known as Dual Elliptic Curve Deterministic Random Bit Generation, or "Dual EC DRBG").

Wired reports:

In its advisory, RSA said that all versions of RSA BSAFE Toolkits, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C were affected.

In addition, all versions of RSA Data Protection Manager (DPM) server and clients were affected as well.

Continue Reading...