RSA warns over NSA link to encryption algorithm

Khannie · 20-09-2013 4:07pm #1

http://www.bbc.co.uk/news/technology-24173977

BBC News wrote:

RSA, the internet security firm, has warned customers not to use one of its own encryption algorithms after fears it can be unlocked by the US National Security Agency (NSA).

In an advisory note to its developer customers, RSA said that a default algorithm in one of its toolkits could contain a "back door" that would allow the NSA to decrypt encrypted data.

omahaid · 20-09-2013 7:43pm

What's the back door? I vaguely remember from the standards they warned about insecure generator points and considering NIST give you generator points to use I suspect those...

omahaid · 20-09-2013 7:45pm

Although thinking about that, if it was the generator points then all ECDLP based algorithms which use those points would be vulnerable so it probably isnt that. Must do more research

Khannie · 23-09-2013 9:36am

omahaid wrote: »

What's the back door? I vaguely remember from the standards they warned about insecure generator points and considering NIST give you generator points to use I suspect those...

I'm not sure what it is actually. I had in my head a flaw in the random number generator alright. Did you get any further with your research?

oscarBravo · 23-09-2013 10:17am

There isn't a known back door afaik, but the constants chosen for the elliptic curves turned out to be suspicious, and they were given to NIST by NSA. It's usual when choosing constants for a cryptography function to make sure they are "nothing up my sleeve" numbers - either the output from a verifiably random function, or something similar - but these constants were chosen with no explanation given, which makes them suspect.

That's my half-educated understanding of the issue, at least. It's not that we know NSA can break the algorithm; it's that they've acted in a way that's consistent with the suspicion that they may have weakened it, which is reason enough not to trust it.

omahaid · 23-09-2013 11:31am

Here's the publication from NIST

http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf

This appears to be the problem

Concern has been expressed about one of the DRBG algorithms in SP 800-90/90A and ANS X9.82: the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm. This algorithm includes default elliptic curve points for three elliptic curves, the provenance of which were not described. Security researchers have highlighted the importance of generating these elliptic curve points in a trustworthy way. This issue was identified during the development process, and the concern was initially addressed by including specifications for generating different points than the default values that were provided. However, recent community commentary has called into question the trustworthiness of these default elliptic curve points

It does seem to be the generator points. I assume they are different to the points supplied for ECDH & ECDSA

Khannie · 23-09-2013 1:31pm

Interesting read. Fair play to them for actively trying to fix it.

RSA warns over NSA link to encryption algorithm

Comments