Categories: SecurityWorkspace

Another NSA Tool ‘Exposes Weaknesses Of RSA Encryption’

Security firm RSA has had to cope with yet more criticism over its alleged ties with the National Security Agency, after a second tool was found in its products that was co-developed by the under-fire intelligence body.

Last year, a Reuters report claimed RSA had accepted $10 million to include a flawed encryption method, known as Dual Elliptic Curve Deterministic Random Bit Generation (Dual-EC-DRBG) , in its BSAFE line of encryption libraries. RSA has denied it knowingly included backdoors in its products.

Now researchers from a number of US universities have claimed another NSA-developed tool, known as Extended Random, would make exploitation of the Dual-EC-DRBG far easier.

RSA + NSA = insecurity?

Extended Random is an extension that is supposed to improve the security of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption, something widely used to make websites and internet services like email more secure. BSAFE libraries can be used to set up SSL connections.

The researchers found that instead of adding security, as it was supposed to, Extended Random actually made an attack simpler by exposing streams of data that would make it easier to predict the random numbers needed for encryption keys. That made decrypting SSL connections using BSAFE a considerably quicker process, they said.

“This extension, co-written at the request of the National Security Agency, allows a client to request longer TLS random nonces from the server, a feature that, if it enabled, would speed up the Dual EC attack by a factor of up to 65,000,” they wrote in an online post for their research.

They also claimed to have found a range of other problems across the BSAFE range of products, again leaking information that would help in the decrypting process.

“The RSA BSAFE implementations of TLS make the Dual EC back door particularly easy to exploit compared to the other libraries we analysed,” the researchers added.

“The C version of BSAFE makes a drastic speedup in the attack possible by broadcasting long contiguous strings of random bytes and by caching the output from each generator call. The Java version of BSAFE includes fingerprints in connections, making it relatively easy to identify them in a stream of network traffic.”

RSA did not deny any of the claims in the research, due to be outlined in full later this year. RSA chief technologist Sam Curry told Reuters the company could have been more distrustful of the NSA and its code.

“We trusted them because they are charged with security for the US government and US critical infrastructure,” Curry added.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

19 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

20 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

21 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago