The National Security Agency (NSA) had two encryption tools that were adopted by EMC-owned security firm RSA, allowing the federal government easier access to snoop on Web communications, academic researchers recently noted.
The researchers are largely made up from professors at the University of Wisconsin, University of Illinois and Johns Hopkins, as they found the "Extended Random" extension which is able to nullify the RSA Dual Elliptic Curve software faster.
"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," a researcher told Reuters.
The researchers also noted:
"The C version of BSAFE makes a drastic speedup in the attack possible by broadcasting long contiguous strings of random bytes and by caching the output from each generator call. The Java version of BSAFE includes fingerprints in connections, making it relatively easy to identify them in a stream of network traffic."
This is a discussion that RSA would likely hoped to remain quiet, as RSA executive chairman Art Coviello defend the company's actions during the RSA Conference earlier in the year.