Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search


(36,988 posts)
Mon Mar 31, 2014, 09:54 AM Mar 2014

NSA infiltrated RSA security more deeply than thought: study

(Reuters) - Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.

Reuters reported in December that the NSA had paid RSA $10 million (£6 million) to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or "back door" - that allowed the NSA to crack the encryption.

A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.

The professors found that the tool, known as the "Extended Random" extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.


RSA Security


5 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
NSA infiltrated RSA security more deeply than thought: study (Original Post) Ichingcarpenter Mar 2014 OP
Trust - The Government - One Must Be Delusional cantbeserious Mar 2014 #1
The NSA has corrupted the internet Ichingcarpenter Mar 2014 #2
But nobody uses RSA! hootinholler Mar 2014 #3
JFK Ichingcarpenter Mar 2014 #5
bump... nt Jesus Malverde Mar 2014 #4


(26,449 posts)
3. But nobody uses RSA!
Mon Mar 31, 2014, 11:39 AM
Mar 2014

We've known it's crackable for years!

That's what I've heard around here when I mentioned there was now proof of the NSA jacking encryption.

I have to wonder what other forms of encryption the NSA has 'helped'? Well to be specific, this is methods of random number generation they have helped. If the numbers assumed random in your encryption software aren't quite random, then that bias can be used to crack the encryption.

I'm also waiting for the news that they found a way to encode enough information about the private key when a public/private pair are generated, into the public key. If you could deduce the private key from the public one, then everything encoded with it is obviously compromised.


(36,988 posts)
5. JFK
Mon Mar 31, 2014, 02:52 PM
Mar 2014

“The very word “secrecy” is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths and to secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it. Even today, there is little value in opposing the threat of a closed society by imitating its arbitrary restrictions.

Even today, there is little value in insuring the survival of our nation if our traditions do not survive with it.

And there is very grave danger that an announced need for increased security will be seized upon by those anxious to expand its meaning to the very limits of official censorship and concealment.

That I do not intend to permit to the extent that it’s in my control.

And no official of my Administration, whether his rank is high or low, civilian or military, should interpret my words here tonight as an excuse to censor the news, to stifle dissent, to cover up our mistakes or to withhold from the press and the public the facts they deserve to know.”

Latest Discussions»General Discussion»NSA infiltrated RSA secur...