Snowden disclosures prompt warning on widely used computer security formula

By -

In the latest fallout from Edward Snowden's intelligence disclosures, a major U.S. computer security company warned thousands of customers on Thursday to stop using software that relies on a weak mathematical formula developed by the National Security Agency.

 


RSA, the security arm of storage company EMC (EMC.N) Corp, told current customers in an email that a toolkit for developers had a default random-number generator using the weak formula, and that customers should switch to one of several other formulas in the product.


Last week, the New York Times reported that Snowden's cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government's National Institute of Standards and Technology, to push for a formula that it knew it could break.


NIST, which accepted the NSA proposal in 2006 as one of four systems acceptable for government use, this week said it would reconsider that inclusion in the wake of questions about its security.

But RSA's warning underscores how the slow-moving standards process and industry practices could leave many users exposed to hacking by the NSA or others who could exploit the same flaw for years to come.

RSA had no immediate comment. It was unclear how the company could reach all the former customers of its development tools, let alone how those programmers could in turn reach all of their customers.

Developers who used RSA's "BSAFE" kit wrote code for Web browsers, other software, and hardware components to increase their security. Random numbers are a core part of much modern cryptography, and the ability to guess what they are renders those formulas vulnerable.

The NSA-promoted formula was odd enough that some experts speculated for years that it was flawed by design. A person familiar with the process told Reuters that NIST accepted it in part because many government agencies were already using it.

But after the Times report, NIST said it was inviting public comments as it re-evaluated the formula.
"If vulnerabilities are found in these or any other NIST standards, we will work with the

Cryptographic community to address them as quickly as possible," NIST said on September 10.
Snowden, who is wanted on U.S. espionage charges and is living in temporary asylum in Russia, disclosed secret NSA programs involving the collection of telephone and email data.

Comments

Post a Comment

Popular posts from this blog

Timeline of Windows Os

By -
Image
Windows Operating System (Client) 1. Windows 1.0  version 1.0 released on 20 November 1985 - Stopped on December 1987. 2. Windows 2 Microsoft Windows version 2 came out on 9 December 1987 - Stopped on 1990 3. Windows 3.0  Windows 3.0 released in May 1990 - Windows 3.1 ended on December 31, 2001  Windows 3.1 Introduced the logo. 4. Windows 9x (95) Windows 95, released in August 1995 - Windows 95 ended on December 31, 2000 5. Windows 9x (98) Windows 98 released on June 25, 1998 - Windows 98 ended on July 11, 2006. 6. Windows ME Microsoft released On September 14, 2000 Windows ME (Millennium Edition). 7. Windows NT Windows NT 3.1 (named to associate it with Windows 3.1) was released in July 1993. Windows NT 3.5 was released in September 1994. Novell's NetWare and was followed up by Windows NT 3.51 in May 1995. Windows NT 4.0 was released in June 1996. Windows 2000 released On February 17, 2000. 8. Windows Xp ...
Post

Differences of Cat 5e, Cat 6 & Cat 6a

By -
Image
     What's important to note here, is that even Cat5e supports Gigabit Ethernet. So, unless you think you might need 10 Gigabits across a given link, Cat5e will do the trick just fine. Cat5e can even handle 10 Gigabit Ethernet at short distances, so within a server room for example as a backbone link, Cat 5e cable is rated to handle it. What's more likely though, is that you'll be running any 10 Gigabit connections over fiber.        It may sound like a single lowercase letter is all that sets Cat6 apart from Cat6a, but that one little letter stands for augmented, and represents a world of difference. Even while Cat6 is still gaining popularity as the go-to cable standard for network installers, Cat6a has come along in and outdone it in performance, crosstalk prevention, and even size. Trying to decide which one is right for you or your clients? Category 5e Cable:      ...
Post

2013 Top 10 Anti-Virus Software's

By -
Image
1. Bitdefender Antivirus Plus 2013:         A strong, easy-to-use antivirus software that can stand efficiently against malicious malwares and do the best job- that is Bitdefender Antivirus Plus 2013. Truly deserved to be at the number one- the Bitdefender Antivirus Plus 2013 offers effective security, simple usability, effective resource usage, at a very tempting price point. With superior protection and high-class performance assured, the Bitdefender Antivirus Plus is a must-have, whether you are an advanced user looking to control the whole process manually or an average user who simply wants a set-and-forget solution.   Pros:   Bitdefender Antivirus Plus includes 24/7 technical support. Cons: Well, there aren’t any cons to say at least. Summary: This antivirus software beats the threats from viruses, worms, Trojans and other malware. It protects against the dangers that appear on social m...
Post