NIST and RSA recommend avoiding encryption algorithm standard

Share this article:
RSA has agreed with NIST's recommendation to stop using the encryption algorithm.
RSA has agreed with NIST's recommendation to stop using the encryption algorithm.

Following an announcement by the National Institute of Standards and Technology (NIST), computer and network security company RSA has issued an advisory recommending against the use of a community-developed encryption algorithm that may contain a privacy-affecting backdoor.

The algorithm in question is Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG).

That means all versions of RSA's BSAFE Toolkits are affected, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C, as well as all versions of RSA's Data Protection Manager server and clients, according to the RSA advisory.  

RSA said customers should choose one of the different cryptographic Pseudo-Random Number Generators (PRNG) built into the BSAFE toolkit.

“To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG,” the advisory said. “Technical guidance, including how to change the default PRNG in most libraries, is available in the most current product documentation at https://knowledge.rsasecurity.com.”

Following the Edward Snowden leaks, the Dual_EC_DRBG has been reported as containing an National Security Agency (NSA) backdoor that would invalidate NIST's approval of the algorithm as an industry standard.

A NIST spokesperson said earlier this month that it “would not deliberately weaken a cryptographic standard,” and a couple of weeks later the organization issued the announcement suggesting people do not use Dual_EC_DRBG.

RSA declined a SCMagazine.com request for further information.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.