As part of the deal, RSA Security will provide backdoors that the NSA can make use of in order to gain access to crucial information stored in what used to be a relatively safe database. This backdoor involves setting a particular random number generator (DUAL_EC_DRBG) as a default in its BSAFE cryptographic library. This doesn't sound like much of a big deal, but there is clear evidence pointing to the fact that this particular random number generator'soutcomes can be predicted effectively under some conditions. This wasdiscovered at some point in 2005.
RSA Security has come out with the news to its customers, telling them not to use the default generator, but as the old adage goes, "too little, too late." Customers who have long had faith in RSA and are unaware of the $10 million deal will not have the time to make a complete switchover on their algorithms.
No comments:
Post a Comment