RSA Warns Developers Not To Use RSA Products

rroman writes "RSA has recommended developers not to use Dual_EC_DRBG random number generator (RNG), which has been known to be weak and slow since 2006. The funny thing is, that even though this has been known for so long, it is the default RNG in BSafe cryptographic toolkit, which is product of RSA."

Re:The obligatory NSA question

[Billly+Gates]

Yep NSA did play a hand in this insecure logarithm.

Sadly just a month ago such a comment would be modded -1 offtopic or -1 flamebait as the equailivant of that crazy guy drunk talking to himself on the subway.

Slightly different topic, this algorithm seems very strong as it is what slashdotters say is a perfect encryption mathmatical algorithm. It is Elispse based so there are more numbers to guess and the seed process is very stenious to make it harder to crack. It seems like the best one which is why BASE libraries use it just on that evidence. Can a mathmatician or crypto expert explain why this NSA endorsed algorithm has so many problems compared to SHA-2 or BES?

Maybe not RSA, but certainly NSA

[Frosty+Piss]

or did NSA tell RSA to slip in a backdoor back in 2006

It's not so much the possibility that the NSA influenced RSA, rather they influenced the standard itself.

Here's the whole story according to Bruce Schneier:

http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

OpenBSD entropy

[funkboy]

Yet another reason that validates OpenBSD developers having spent years improving the quality of random number generation.

Say what you want about Theo, but their developers are top-notch and their stuff really works.