Security outfit RSA has already had its name tarnished by the fact that the NSA paid it to distribute a mechanism (the Dual_EC_DRGB “Dual Elliptic Curve” random number generator) that turned out to be flawed. Now Reuters reports that RSA, these days part of EMC, also distributed a second NSA-recommended tool, the “Extended Random” extension, which researchers say made it easier to crack a version of the Dual Elliptic Curve software. Although Extended Random was included in the Bsafe security suite alongside Dual_EC_DRGB, it was sparsely adopted and was removed in the last 6 months. Again, RSA denies deliberately weakening its products.
Subscriber content
?
Subscriber content comes from Gigaom Research, bridging the gap between breaking news and long-tail research. Visit any of our reports to learn more and subscribe.
Advertisement
Advertisement
Advertisement
Comments have been disabled for this post