Security provider RSA adopted a second code generator developed by the United States National Security Agency which effectively made it easier for hackers to defeat the company’s BSafe cryptography kit, according to a research paper by several universities.
Last December it was reported that the NSA paid RSA $10 million to make the NSA developed Dual Elliptic Curve random number generator a default feature in software used for numerous Internet and computer security programs. Dual Elliptic Curve was used in BSafe.
Following the expose by NSA whistleblower Edward Snowden of the government’s agency’s massive phone data collection scheme, it was revealed that the Dual Elliptic Curve had a “back door” which allowed the NSA to crack its encryption.
Today, a report by the newswire service Reuters said that a group of professors from the John Hopkins University, the University of Wisconsin, the University of Illinois and other universities found that RSA adopted another NSA tool which further weakened the company’s products.
A 2008 Pentagon-funded paper plugged Extended Random as a way to improve the randomness of numbers generated by Dual Elliptic Curve.
The report by the professors, however, said the tool, called the Extended Random extension for Web sites, makes RSA’s Dual Elliptic Curve software “tens of thousands of times faster” to crack.
RSA, which was acquired in 2006 by EMC Corp, did not dispute the report but said it not intentionally weaken any of its products.
RSA could have been “more skeptical” of the NSA’s intentions but the company trusted the agency because “they are charged with security for the U.S. government and U.S. critical infrastructures,” said Sam Curry, chief technologist for RSA.
Many experts had previously aired suspicions about Dual Elliptic Curve, but it was only after Snowden’s leak of NSA documents that RSA and the National Institute of Standards and Technology renounced the technology.
Adding Extended Random “does seem to provide any security benefits that we can figure out,” said Thomas Ristenpart of the University of Wisconsin. He said the extra data transmitted by Extended Random before a secure connection begins actually made predicting the following secure numbers easier.