NIST and RSA recommend avoiding encryption algorithm standard

RSA has agreed with NIST's recommendation to stop using the encryption algorithm.

Following an announcement by the National Institute of Standards and Technology (NIST), computer and network security company RSA has issued an advisory recommending against the use of a community-developed encryption algorithm that may contain a privacy-affecting backdoor.

The algorithm in question is Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG).

That means all versions of RSA's BSAFE Toolkits are affected, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C, as well as all versions of RSA's Data Protection Manager server and clients, according to the RSA advisory.  

RSA said customers should choose one of the different cryptographic Pseudo-Random Number Generators (PRNG) built into the BSAFE toolkit.

“To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG,” the advisory said. “Technical guidance, including how to change the default PRNG in most libraries, is available in the most current product documentation at https://knowledge.rsasecurity.com.”

Following the Edward Snowden leaks, Dual_EC_DRBG has been reported as containing a National Security Agency (NSA) backdoor that would invalidate NIST's approval of the algorithm as an industry standard.

A NIST spokesperson said earlier this month that it “would not deliberately weaken a cryptographic standard,” and a couple of weeks later the organization issued the announcement suggesting people do not use Dual_EC_DRBG.

RSA declined a SCMagazine.com request for further information.
