One of the most reliable forms of encryption and better safetyof the Internet (pre-NSA) of the company RSA Security (now part of EMC Corp), is being questioned after the storm of revelations that emerged from the leaked documents Edward Snowden.
The documents revealed that the NSA had created a Dual Elliptic Curve (Dual_EC_DRBG), which the largest RSA security company was using in the BSAFE Encryption Number Generator tool.
To this day RSA Security argued that all this is not true, but a new Snowden document revealed that RSA received 10 million dollars from the NSA to keep its encryption weak.
Researchers from Johns Hopkins, the University of Wisconsin, and the University of Illinois claim that the security company adopted a tool suggested to them by the NSA, the Extended Random extension, which they used for "secure websites." Of course the tool left backdoors for the NSA and helped the secret service to violate the Dual Elliptic Curve too quickly as it states Reuters.
(researchers took 3 seconds to crack a free version of BSafe for the C programming language even without Extended Random, because they had already generated enough random bits before the safeconnection.)
The Dual Elliptic Curve Deterministic Random Bit generator (Dual EC_DRBG) is a pseudo-random number generator developed by National Security Agency (NSA) cryptographers and later adopted by RSA Security in the security kit he used, the BSAFE, which he approved Dual Elliptic Curve.
"While the Extended Random Not widely adopted, the new investigation sheds light on how the NSA has expanded its surveillance range with alleged protection advice to various companies. ”
Η RSA Security had denied the accusations, and said it did not intend to weaken the safety of its products. The Extended Random had been removed from its protection software RSA Security in the last six months.
"We could be more cautious about the NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. “They trusted them because they are in charge of her security governmentand critical US infrastructure.”
So far, it has not been revealed whether RSA has received money from the NSA to add this second backdoor or not. But the news again raises some alarming questions in each of us' minds about the relationship of the security service with the US intelligence service NSA.