One of the most reliable forms of Internet encryption and security (pre NSA) of the company RSA Security (now part of EMC Corp), is being questioned after the storm of revelations that emerged from the leaked documents Edward Snowden.
The documents revealed that the NSA had created a flawed one system random number generator (Dual_EC_DRBG), Dual Elliptic Curve, which the major security company RSA used in its BSAFE crypto number generator tool.
To this day RSA Security argued that all this is not true, but a new Snowden document revealed that RSA received 10 million dollars from the NSA to keep its encryption weak.
Researchers from Johns Hopkins, the University of Wisconsin, and the University of Illinois claim that the security firm adopted a tool suggested to them by the NSA, the Extended Random extension, which they used to "secure websites.” Of course the tool left backdoors for the NSA and helped the Secret Service crack the Dual Elliptic Curve very quickly as reported by Reuters.
(researchers took 3 seconds to break a free version of BSafe for the C programming language even without Extended Random because they had already created several random bits before the secure connection started.)
The Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC_DRBG) is a cryptographic generator that produces pseudo-random numbers and was developed by the National Security Service (NSA) cryptographers and was later adopted by RSA Security in the security kit he used, the BSAFE, which he approved Dual Elliptic Curve.
"While the Extended Random was not widely adopted, the new research sheds light on how the NSA expanded the reach of its surveillance with purported protection tips in various businesses. "
Η RSA Security had denied the charges, and stated that he had no intention of weakening their security productof hers. The Extended Random had been removed from its protection software RSA Security in the last six months.
"We could be more wary of the NSA's intentions," RSA Chief Technologist Sam Curry told the Reuters . "They were trusted because they are charged with the security of the US government and critical infrastructure."
So far, it has not been revealed whether RSA has received money from the NSA to add this second backdoor or not. But the news again raises some alarming questions in each of us' minds about the relationship of the security service with the US intelligence service NSA.
