Slashdot Mirror


RSA Warns Developers Not To Use RSA Products

rroman writes "RSA has recommended that developers not use the Dual_EC_DRBG random number generator (RNG), which has been known to be weak and slow since 2006. The funny thing is that even though this has been known for so long, it is the default RNG in the BSafe cryptographic toolkit, which is a product of RSA."

8 of 128 comments

  1. Doesn't matter by Anonymous Coward · Score: 5, Insightful

    Surely no-one in their right mind is still using crypto software from US companies? None of it can be trusted any more.

    1. Re:Doesn't matter by Anonymous Coward · Score: 5, Funny

      I see that you're not using American software. Let's go into this back room and you can tell me why you hate America.

  2. The obligatory NSA question by hsa · Score: 5, Interesting

    Is NSA finding this RNG hard to crack, or did NSA tell RSA to slip in a backdoor back in 2006 - and RSA folks are trying to crawl out of the hole they dug for themselves?

    1. Re:The obligatory NSA question by Billly+Gates · Score: 5, Informative

      Yep, the NSA did play a hand in this insecure algorithm.

      Sadly, just a month ago such a comment would be modded -1 Offtopic or -1 Flamebait as the equivalent of that crazy drunk guy talking to himself on the subway.

      Slightly different topic: this algorithm seems very strong, as it is what Slashdotters say is a perfect mathematical encryption algorithm. It is ellipse based, so there are more numbers to guess, and the seed process is very strenuous to make it harder to crack. It seems like the best one, which is why BASE libraries use it just on that evidence. Can a mathematician or crypto expert explain why this NSA-endorsed algorithm has so many problems compared to SHA-2 or BES?

    2. Re:The obligatory NSA question by Anonymous Coward · Score: 5, Interesting

      The problem is that the magic numbers used in the algorithm have no known source, so no one in the community can go back and find the justification for them. They are just there. The potential vulnerability I see here is that if you know the base numbers, and since it is elliptical, it simplifies the brute-force decryption process. How much? We don't know yet. The problem is being looked at as I type.

    3. Re:The obligatory NSA question by icebike · Score: 5, Interesting

      I've never seen any examples of negative press from government sources.

      More likely the US simply developed an entire line of dedicated processors that can crack almost any code. This probably happened about the same time they dropped their designation of encryption as a munition. They already had the solution in hand.

      However, when real-time continuous encryption started to be the norm (like encrypted Skype, VPNs in routers, and SSL everywhere), they simply bought their way into the companies doing it, and induced them with money and contracts.

      I've stated more than once here that I believe it will eventually be revealed that the NSA fully funded Microsoft's acquisition of Skype. Probably because eBay was incompetent and not terribly interested in ripping out the untraceable routing via small remotely distributed groups of nodes and many volunteer nodes. Even if eBay did provide access to the encryption technology, they couldn't circumvent the routing issues to provide taps.

      The first thing Microsoft did was route all traffic through their servers. No more routing via anonymous "volunteers" or off-shore peer-to-peer technology. It now goes direct to Microsoft and then to the other party. There was never a business case to do this. It was working just fine, and hasn't improved since Microsoft took over. There was ONLY ever an intelligence case to make this change. Why would Microsoft take on that expense for free? Because the NSA bought Skype for them.

      --
      Sig Battery depleted. Reverting to safe mode.

    4. Re:The obligatory NSA question by jthill · Score: 5, Insightful

      It wasn't RSA. They trusted the NSA, with good reason. The NSA had earned the trust of just about everybody in the community by improving DES with changes nobody understood until fifteen years later.

      Then someone figured out that the way this new RNG is set up, the constants the NSA chose *could be* the public half of an asymmetric key, and if so the RNG's state could be read with very little effort by anyone in possession of the private half. There is no mathematical way at all to tell whether this is the case, but apparently something in the Snowden documents at least strongly suggests the NSA did know about it and did use it.

      It's important to highlight that this isn't the kind of weakness anyone _else_ can take advantage of; a blackhat would still have to discover their private key, the exact same problem he was facing before. The NSA are apparently not dumb enough to rely on keeping math a secret.

      But it seems every successful security service forgets the basic lesson: set up a system with unchecked power, and the scum of the earth will eventually take notice. From that moment they'll dedicate their lives to getting control of it. They'll eventually succeed. Snowden took advantage of criminally slack security in the NSA. Just the fact that he could reveal the documents he revealed is proof the NSA have already gotten arrogant and sloppy, never mind what's in them.

      --
      As always, all IMO. Insert "I think" everywhere grammatically possible.
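
The trapdoor jthill describes, and the unexplained constants the Anonymous Coward above points to, can be seen in a toy model. The following is an added example, not code from the Slashdot page, from RSA or from NIST: a miniature Dual_EC_DRBG over a constructed 13-point curve, with the output truncation reduced from 16 dropped bits to 1. The helper names (`make_trapdoor_q`, `recover_states`, `predict_next`), the designer secret `e = 5` and the victim seed `7` are assumptions of this example. It shows that whoever chose `Q` as a known multiple of `P` (so that `P = d*Q` for a `d` only they know) can recover the generator's internal state from one output and forecast everything after it, while the same procedure run with the wrong `d` yields no reliable candidate.

```python
"""Toy Dual_EC_DRBG showing the trapdoor described in the thread.

Added example, not from the Slashdot page, RSA or NIST. The curve, the
"designer" secret and the seed are constructed for illustration; the real
generator runs over NIST P-256 and drops 16 of 256 output bits, this toy
drops 1 of 4. The state update and output rule are the real ones.
"""

# Constructed toy curve (Stinson's textbook example): y^2 = x^3 + x + 6
# over GF(11), 13 points, so the group order is prime and every point
# except infinity is a generator. 6 is a non-residue mod 11, so no point
# has x == 0 and the state can never become zero.
P_MOD, A, B = 11, 1, 6
ORDER = 13
BASE_P = (2, 7)            # the public point P
INF = None                 # point at infinity
OUT_BITS = 3               # bits of x(rQ) that are output per step

def _inv(v):
    return pow(v, -1, P_MOD)

def ec_add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend, k = INF, pt, k % ORDER
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def points_with_x(x):
    """Curve points with x-coordinate x (brute force over y; toy only)."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    return [(x, y) for y in range(P_MOD) if y * y % P_MOD == rhs]

def dual_ec_step(state, q):
    """One iteration: r = x(sP), next state = x(rP), output = low bits of x(rQ)."""
    r = ec_mul(state, BASE_P)[0]
    next_state = ec_mul(r, BASE_P)[0]
    t = ec_mul(r, q)[0]
    return next_state, t & ((1 << OUT_BITS) - 1)

def generate(seed, q, n):
    """n outputs of the generator started from seed (seed must be in 1..10)."""
    state, outs = seed, []
    for _ in range(n):
        state, out = dual_ec_step(state, q)
        outs.append(out)
    return outs

def make_trapdoor_q(secret_e):
    """A 'designer' choosing Q = e*P keeps d = e^-1 mod ORDER, so P = d*Q."""
    return ec_mul(secret_e, BASE_P), pow(secret_e, -1, ORDER)

def recover_states(outputs, q, d):
    """Holder of d: from outputs[0] alone, list the internal states (after that
    output) whose continuation reproduces outputs[1:]. Usually one survives."""
    first, rest = outputs[0], outputs[1:]
    found = []
    # Undo the truncation by guessing the dropped high bits of t = x(rQ).
    for hi in range(1 << (P_MOD.bit_length() - OUT_BITS)):
        t = first | (hi << OUT_BITS)
        if t >= P_MOD:
            continue
        for R in points_with_x(t):     # R is r*Q or -r*Q; same x after scaling
            s_next = ec_mul(d, R)[0]   # d*(r*Q) = r*P, whose x is the next state
            if s_next not in found and generate(s_next, q, len(rest)) == rest:
                found.append(s_next)
    return found

def predict_next(outputs_seen, q, d, n_more):
    """Trapdoor holder's forecast of the next n_more outputs, one list per
    surviving candidate state."""
    k = len(outputs_seen) - 1
    return [generate(s, q, k + n_more)[k:] for s in recover_states(outputs_seen, q, d)]

if __name__ == "__main__":
    Q, d = make_trapdoor_q(5)                 # constructed designer secret
    outs = generate(7, Q, 6)                  # constructed victim seed
    print("outputs seen by everyone :", outs)
    print("forecast from first three:", predict_next(outs[:3], Q, d, 3))
    print("same attempt with a wrong d:", predict_next(outs[:3], Q, (d * 2) % ORDER, 3))
```

The defender's lesson is in what `recover_states` does not need: nothing in the output stream reveals whether such a `d` exists, which is exactly jthill's point that no mathematical test can settle it. The only protection is a `Q` whose derivation is public and reproducible, or a generator that has no such pair of constants at all.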

  3. No point pussy-footing around by innocent_white_lamb · Score: 5, Insightful

    There's no point in pussy-footing around this. It's obvious that RSA was either forced or "rewarded" into using an insecure method, and that they knew it at the time (because they are cryptographers and because they don't live at the bottom of a well).

    Therefore, RSA has proven themselves untrustworthy at best, corrupt at worst, and quite likely both.

    The question is what to do next. Ripping out everything RSA in all infrastructure and replacing it with something that works appears to be the best approach, but how should that be done and what should it be replaced with? And, most importantly, how can we verify that replacement?

    --
    If you're a zombie and you know it, bite your friend!