RSA
Hello
I just read this: http://yro.slashdot.org/story/13/12/...r-10m-from-nsa I can't really say I understand the details. But it looks like RSA does not deserve any trust anymore. When this Snowden guy managed to get all that stuff from NSA, how can we know other malicious people don't have access to the backdoors? We have been using RSA keys for ssh login and I think for HTTPS for some servers. Is there anything we can or should do? |
Quote:
Quote:
|
Thank you! We don't use any of the security firm's products.
|
They weakened encryption by using the Dual EC PRNG, which is known to be backdoored by the NSA, and is a NIST standard.
Quote:
So ntubski is right in that this is NOT about the RSA encryption algorithm, but rather about Dual EC PRNG. The only thing this story really adds is a bribery charge between the NSA and the company RSA. The backdoor was detected more than a year ago: http://cyberwarzone.com/did-nsa-put-...ption-standard |
Here is something useful, a proof of concept for the Dual EC PRNG backdoor:
http://blog.0xbadc0de.be/archives/155 It leaks its internal state in 32 bytes of output. It was purposefully introduced as an NIST and FIPS standard by the NSA, and they paid off RSA to use it too. Note that only the NSA can exploit the weakness that they introduced. I'm looking forward to seeing more NSA-recommended crypto standards being taken apart to see what is underneath. Not that I can't imagine what is there. |
The NIST finally removes the compromised Dual_EC_DRBG from their recommendations.
https://www.techdirt.com/articles/20...ndations.shtml |
All times are GMT -5. The time now is 10:44 AM. |