A group of researchers that included professors from Johns Hopkins, the University of Wisconsin, and the University of Illinois report that a tool developed by the National Security Agency would have allowed the agency to crack the widely used encryption protocol employed by customers of RSA.
The tool, called Extended Random, is an extension for secure websites that could enable the intelligence agency to decipher data encrypted with RSA’s now-suspect Dual Elliptic Curve algorithm at a significantly faster rate than previously thought, allowing the agency to monitor communications that were thought to be secure.
The allegations further compound the damage to the security provider’s reputation after revelations late last year that RSA was paid $10 million by the NSA to weaken algorithms employed by random number generators in its encryption products.
Documents leaked by former NSA contractor Edward Snowden indicated that the NSA may have arranged for the leading encryption provider for both the government and the private sector to create a “back door” the intelligence agency could exploit for surveillance operations.
RSA officials denied the assertions at the time, but provided little in the way of details, stating, “recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.”
The company also denies any knowledge of how Extended Random may have played into the NSA’s surveillance activities, and abandoned the tool last year around the same time it discontinued use of a suspect NIST encryption algorithm.
“We could have been more skeptical of NSA’s intentions. We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure,” RSA Chief Technologist Sam Curry said.