One of the most reliable formats encryptionand internet security (pre-NSA) of the company RSA Security (now part of EMC Corp), is being questioned after the storm of revelations that emerged from the leaked documents Edward Snowden.
The documents revealed that the NSA had created a Dual Elliptic Curve (Dual_EC_DRBG), which the largest RSA security company was using in the BSAFE Encryption Number Generator tool.
To this day RSA Security argued that all this is not true, but a new Snowden document revealed that RSA received 10 million dollars from the NSA to keep its encryption weak.
Researchers from Johns Hopkins, the University of Wisconsin, and the University of Illinois claim that the security company adopted a tool suggested by the NSA, the Extended Random extension they used for "secure websites." Of course, the tool left behinddoors for it. The NSA and the Secret Service were helping the Dual Elliptic Curve breach too fast as the Reuters.
(researchers took 3 seconds to crack a free version of BSafe for language (C programming even without Extended Random, because they had already generated enough random bits before the secure connection started.)
The Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC_DRBG) is a cryptographic generator that produces pseudo-random numbers and was developed by the National Security Service (NSA) cryptographers and was later adopted by RSA Security in the security kit he used, the BSAFE, which he approved Dual Elliptic Curve.
"While the Extended Random not widely adopted, new research shows light in the way the NSA expanded the reach of its surveillance with alleged security tips on various businesses.”
Η RSA Security had denied the accusations, and said it did not intend to weaken the safety of its products. The Extended Random had been removed from its protection software RSA Security in the last six months.
"We could be more cautious about the NSA's intentions," RSA Chief Technology Officer Sam Curry told Reuters. "They trusted them because they are responsible for the security of the US government and critical infrastructure."
So far, it has not been revealed whether RSA has received money from the NSA to add this second backdoor or not. But the news again raises some alarming questions in each of us' minds about the relationship of the security service with the US intelligence service NSA.
