Technology content trusted in North America and globally since 1999
8,190 Reviews & Articles | 61,957 News Posts

RSA provided the NSA with more information than originally thought

The reported RSA-NSA relationship was closer than anticipated, with the security company providing access to the US federal government yet again
By: Michael Hatamoto | Hacking & Security News | Posted: Apr 1, 2014 10:07 pm

The National Security Agency (NSA) had two encryption tools that were adopted by EMC-owned security firm RSA, allowing the federal government easier access to snoop on Web communications, academic researchers recently noted.




The researchers are largely made up from professors at the University of Wisconsin, University of Illinois and Johns Hopkins, as they found the "Extended Random" extension which is able to nullify the RSA Dual Elliptic Curve software faster.


"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," a researcher told Reuters.


The researchers also noted:


"The C version of BSAFE makes a drastic speedup in the attack possible by broadcasting long contiguous strings of random bytes and by caching the output from each generator call. The Java version of BSAFE includes fingerprints in connections, making it relatively easy to identify them in a stream of network traffic."


This is a discussion that RSA would likely hoped to remain quiet, as RSA executive chairman Art Coviello defend the company's actions during the RSA Conference earlier in the year.


Related Tags

Got an opinion on this news? Post a comment below!