NSA Infiltrated RSA Deeper Than Imagined

Rambo Tribble (1273454) writes "Reuters is reporting that the U.S. National Security Agency managed to have security firm RSA adopt not just one, but two security tools, further facilitating NSA eavesdropping on Internet communications. The newly discovered software is dubbed 'Extended Random', and is intended to facilitate the use of the already known 'Dual Elliptic Curve' encryption software's back door. Researchers from several U.S. universities discovered Extended Random and assert it could help crack Dual Elliptic Curve encrypted communications 'tens of thousands of times faster'."

Thank goodness for open-source alternatives

[mrflash818]

So those that know how, can test and verify open-source alternatives are cryptographically secure, not back-doored, and safe for people to use.

Re:FIPS 140-2 4.9.2. The Other Back Door.

[TechyImmigrant]

>But making a practical attack based on that seems unlikely to me.

Q: If you have a 128 bit 'full entropy' key K[127:0] , how much is the entropy reduce if K[(n*16)+15:(n*16)] K[((n+1)*16)+15:((n+1)*16)] for n in {0..7} ?
A: A lot.

I.E. It reduces the brute force search space by a lot.