News

Researchers: RSA’s other NSA tool was also vulnerable

By admin
Spread the love

In addition to using a vulnerable Dual_EC_DRBG tool, RSA allegedly used Extended Random protection for websites developed by the NSA. The extension was also part of RSA’s Bsafe kit.

The claim that the RSA integrated not one but two NSA vulnerabilities into its products comes from scientists at Johns Hopkins University, University of Wisconsin and University of Illinois, Reuters reports. It would be a protocol called Extended Random, which is part of the same Bsafe package as the vulnerable Dual_EC_DRBG algorithm in the Dual Elliptic Curve software.

The backdoor in the extension could speed up cracking RSA’s Dual Elliptic Curve software tens of thousands of times, the researchers said. RSA does not confirm or deny the presence of the leak. The company does say that Extended Random was not popular and has therefore been removed from the security software in the past six months. It’s unclear whether the NSA paid the company for installing the tool.

The Extended Random protocol is supposed to boost the randomness of numbers generated by the random number generator of the Dual Elliptic Curve software, but the scientists couldn’t find any reason why the protocol would provide additional security. Predicting the numbers to be generated would be considerably easier for cryptography experts, however, if Extended Random is used. The scientists have detailed their findings in a document and promise to reveal more details.

You might also like
News

‘Microsoft wants to postpone deadline for Activision Blizzard…

News

Russian ministry bans iPhones due to suspicion of espionage

News

Huawei may release 5G smartphones again next year

News

Amazon goes to the EU Court for stricter supervision under the Digital Services Act

News

Foxconn scraps plans for chip production with Indian company

News

Chinese researchers brute force fingerprint scanner Android smartphones