[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cryptography] RSA recommends against use of its own products.

----- Forwarded message from Ray Dillinger <[email protected]> -----

Date: Fri, 20 Sep 2013 11:08:00 -0700
From: Ray Dillinger <[email protected]>
To: [email protected]
Subject: [Cryptography] RSA recommends against use of its own products.
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130828 Icedove/17.0.8

More fuel for the fire...


RSA today declared its own BSAFE toolkit and all versions of its
Data Protection Manager insecure, recommending that all customers
immediately discontinue use of these products.

The issue is apparently the Random Number Generator that these
products use, the rather amusingly named "Dual Elliptic Curve
Deterministic Random Bit Generator." *1

And according to more of the Snowden Files released to (or by)
the New York Times last week, that pseudorandom generator is
deliberately flawed in order to allow it to be sod...  um,
excuse me, I should have said, to permit backdoor penetration.

RSA was truly between a rock and a hard place here as I see it.
With the deliberate weakness now made public, they took a terrific
blow to their business.  But failure to follow up with a
recommendation against their own products, no matter how much
additional financial pain that action entails, would have
destroyed all trust in their company and prospects for future
business.  As best I can tell, they have lost $Millions at least
due to the tampering of their products, and American security
and software companies taken as a whole are in the process of
losing $Billions to foreign competitors for the same reasons.

I wonder, would a class action suit seeking compensation for this
wholesale sabotage be within the jurisdiction of the FISA court?


*1 "Anyone who attempts to generate random numbers by
    deterministic means is, of course, living in a
    state of sin." -- John Von Neumann
The cryptography mailing list
[email protected]

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20130923/a68fc4b7/attachment.sig>