Ride the Lightning

RSA Warns Against Use of One of Its Encryption Algorithms

October 1, 2013

Last week, The Guardian (amongst many others) published a story based on the continuing revelations of Mr. Snowden. It seems that the RSA, the security arm of storage company EMC, sent an e-mail to customers stating that they should stop using an encryption system which relied on a mathematical formula developed by the National Security Agency (NSA).

Apparently, the NSA used its public participation in the process for setting voluntary cryptography standards, run by the government's National Institute of Standards (NIST) and Technology, to push for a formula it knew it could break. Soon after that revelation, NIST began advising against the use of one of its cryptographic standards and, having accepted the NSA proposal in 2006 as one of four systems acceptable for government use, said it would reconsider that inclusion in the wake of questions about its security.

Since we have all become cynics, the only remaining question is whether the weakness of the particular formula was an intentional back door for the NSA. Most commentators believe it was. If there is a silver lining here, it is that public scrutiny may force NIST and others to sever ties with the NSA when it comes to setting standards.

http://twitter.com/sharonnelsonesq