NIST and RSA recommend avoiding encryption algorithm standard

Share this article:
RSA has agreed with NIST's recommendation to stop using the encryption algorithm.
RSA has agreed with NIST's recommendation to stop using the encryption algorithm.

Following an announcement by the National Institute of Standards and Technology (NIST), computer and network security company RSA has issued an advisory recommending against the use of a community-developed encryption algorithm that may contain a privacy-affecting backdoor.

The algorithm in question is Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG).

That means all versions of RSA's BSAFE Toolkits are affected, including all versions of Crypto-C ME, Micro Edition Suite, Crypto-J, Cert-J, SSL-J, Crypto-C, Cert-C, SSL-C, as well as all versions of RSA's Data Protection Manager server and clients, according to the RSA advisory.  

RSA said customers should choose one of the different cryptographic Pseudo-Random Number Generators (PRNG) built into the BSAFE toolkit.

“To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG,” the advisory said. “Technical guidance, including how to change the default PRNG in most libraries, is available in the most current product documentation at https://knowledge.rsasecurity.com.”

Following the Edward Snowden leaks, the Dual_EC_DRBG has been reported as containing an National Security Agency (NSA) backdoor that would invalidate NIST's approval of the algorithm as an industry standard.

A NIST spokesperson said earlier this month that it “would not deliberately weaken a cryptographic standard,” and a couple of weeks later the organization issued the announcement suggesting people do not use Dual_EC_DRBG.

RSA declined a SCMagazine.com request for further information.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.