Major US Security Company Warns Over NSA Link to Encryption Formula

WHISTLEBLOWING - SURVEILLANCE, 23 Sep 2013

Charles Arthur and agencies – The Guardian

RSA, the security arm of EMC, sends email to customers over default random number generator which uses weak formula.

A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA).

RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

The abrupt warning is the latest fallout from the huge intelligence disclosures by the whistleblower Edward Snowden about the extent of surveillance and the debasement of encryption by the NSA.

Last week, the New York Times reported that Snowden’s cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government’s National Institute of Standards and Technology (NIST), to push for a formula it knew it could break. Soon after that revelation, the NIST began advising against the use of one of its cryptographic standards and, having accepted the NSA proposal in 2006 as one of four systems acceptable for government use, said it would reconsider that inclusion in the wake of questions about its security.

RSA’s warning underscores how the slow-moving standards process and industry practices could leave many users exposed to hacking by the NSA or others who could exploit the same flaw for years to come.

Rik Ferguson, of the security company Trend Micro, told the Guardian: “That particular standard, the Pseudo Random Number Generator [PRNG] standard, has long been thought to have at best a weakness, and at worst a back door, pretty much since its publication in 2006.”

Encryption systems use pseudo-random number generators as part of a complex mathematical process of creating theoretically uncrackable codes. If the number sequences generated can be predicted, that makes the code crackable, given sufficient computing power.

Ferguson pointed to a 2007 presentation by two researchers from Microsoft, Dan Shumow and Niels Ferguson, in which they said: “What we are not saying: NIST intentionally put a back door in this PRNG. What we are saying: the prediction resistance of this PRNG … is dependent on solving one instance of the elliptic curve discrete log problem. (And we do not know if the algorithm designer knew this beforehand.)”

A person familiar with the process by which NIST would have accepted the PRNG told Reuters that it accepted the code in part because many government agencies were already using it.

RSA had no immediate comment when quizzed by Reuters about the email. It was unclear how the company could reach all the former customers of its development tools, let alone how those programmers could in turn reach all of their customers. That could mean that the weakened PRNG has been used in products spread around the world over the past seven years.

Developers who used RSA’s “BSAFE” kit wrote code for web browsers, other software and hardware components to increase their security.

Rik Ferguson said: “The advantage of [the flaw] being so public for so long is that its use has been limited. Typically, cryptographers tend to avoid algorithms that have been shown to be weak. Nonetheless, it’s not so much the weakness of the standard that counts, but ‘security’ services’ willingness to subvert the very building blocks that so many of their own citizens and enterprises may later come to rely on for confidentiality and security.”

He added: “Now that the ruse of covertly influencing standards has become public knowledge, it will be difficult to maintain trust in that system. After all, what’s good for the goose is good for the adversary.”

After the Times report, NIST said it was inviting public comments as it re-evaluated the formula.

On 10 September, NIST said: “If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible.”

Go to Original – theguardian.com
