RSA

Guttorm · 12-21-2013, 09:07 AM

Hello

I just read this:

http://yro.slashdot.org/story/13/12/...r-10m-from-nsa

I can't really say I understand the details. But it looks like RSA does not deserve any trust anymore. When this Snowden guy managed to get all that stuff from NSA, how can we know other malicious people don't have access to the backdoors?

We have been using RSA keys for ssh login and I think for HTTPS for some servers. Is there anything we can or should do?

ntubski · 12-21-2013, 09:42 AM

Quote:

Originally Posted by Guttorm

But it looks like RSA does not deserve any trust anymore.
...
We have been using RSA keys for ssh login and I think for HTTPS for some servers. Is there anything we can or should do?

http://en.wikipedia.org/wiki/Rsa

Quote:

RSA may refer to:
...
RSA (algorithm), an algorithm for public-key encryption
...
RSA (security firm), a U.S. network security provider, a division of EMC Corporation

RSA the security firm may not deserve trust. RSA the algorithm used for ssh keys and HTTPS is fine (although HTTPS itself has some problems).

Guttorm · 12-21-2013, 01:12 PM

Thank you! We don't use any of the security firm's products.

metaschima · 12-21-2013, 01:54 PM

They weakened encryption by using the Dual EC PRNG, which is known to be backdoored by the NSA, and is a NIST standard.

Quote:

An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.

RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.

RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

"The labs group had played a very intricate role at BSafe, and they were basically gone," said labs veteran Michael Wenocur, who left in 1999.

Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula "can only be described as a back door."

http://www.reuters.com/article/2013/...9BJ1C220131220

So ntubski is right in that this is NOT about the RSA encryption algorithm, but rather about Dual EC PRNG.

The only thing this story really adds is a bribery charge between the NSA and the company RSA.

The backdoor was detected more than a year ago:
http://cyberwarzone.com/did-nsa-put-...ption-standard

metaschima · 01-01-2014, 01:50 PM

Here is something useful, a proof of concept for the Dual EC PRNG backdoor:
http://blog.0xbadc0de.be/archives/155
It leaks its internal state in 32 bytes of output. It was purposefully introduced as an NIST and FIPS standard by the NSA, and they paid off RSA to use it too.

Note that only the NSA can exploit the weakness that they introduced.

I'm looking forward to seeing more NSA-recommended crypto standards being taken apart to see what is underneath. Not that I can't imagine what is there.

metaschima · 04-23-2014, 11:51 AM

The NIST finally removes the compromised Dual_EC_DRBG from their recommendations.
https://www.techdirt.com/articles/20...ndations.shtml