Serious encryption flaw revealed. Thanks again, NSA.

The NSA strikes again. Steve Gibson, in his Security Now podcast, yesterday revealed that RSA’s respected and popular BSAFE encryption library contains a serious weakness. Its default random number generator (RNG) isn’t especially random and was tweaked years ago by the NSA to provide them with a back door. RSA is the leading security software firm. Its products are used by most of the major software publishers — Microsoft, Apple, Google, et al. Programmers who use BSAFE may choose to use other (stronger) RNGs, but BSAFE’s default RNG is definitely weak, thanks to NSA’s tinkering.

Public_key_making.svgSecure encryption requires that a unique large random number be used for each encryption. If the number is predictable, the encrypted data can be cracked. Providing truly random large numbers isn’t easy, since computers are if nothing else, deterministic machines. They produce pseudo-random numbers. Typically they seed the RNG with a small random number such as the interval between mouse clicks.

Arstechnica explains: Stop using NSA-influenced code in our products, RSA tells customers

Observers fear that NSA’s actions such as this harm US software suppliers’ credibility. When a backdoor exists, not only is it available to its creator, but uninvited visitors may hammer on it, as well.

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s