General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsRSA warns over NSA link to encryption algorithm
Source: BBC
RSA warns over NSA link to encryption algorithm
RSA, the internet security firm, has warned customers not to use one of its own encryption algorithms after fears it can be unlocked by the US National Security Agency (NSA).
In an advisory note to its developer customers, RSA said that a default algorithm in one of its toolkits could contain a "back door" that would allow the NSA to decrypt encrypted data.
It "strongly recommends" switching to other random number generators.
RSA is reviewing all its products.
[font size=1]-snip-[/font]
Read more: http://www.bbc.co.uk/news/technology-24173977
Aerows
(39,961 posts)has really shat in their own mess kit.
Fawke Em
(11,366 posts)My company sells RSA and our customers need to know this.
hootinholler
(26,449 posts)No way the NSA can decrypt RSA 256! I seem to remember hearing that when I suggested it was possible.
If *I* were a spook who wanted to be able to decrypt stuff, I would introduce some bias that allows the private key to be guessed at from examining the public key. But I'm no mathemagician nor am I anywhere near being a crypto-spook.
MineralMan
(146,254 posts)People put NSA generated code in lots of things. After all, the NSA is probably the most sophisticated source of encryption information anywhere. They're glad to help people design encryption and security software.
Look on their website. They're proud of their work with the industry. If you're a cryptographer, the NSA is the plum job, and they hire the best and brightest right out of the Universities.
You can start here:
http://www.nsa.gov/research/selinux/index.shtml
There's lots more. It's one of the things they do, after all.